Lucene search

@huntrdevCVELIST:CVE-2023-5036

HistorySep 18, 2023 - 5:46 a.m.

CVE-2023-5036 Cross-Site Request Forgery (CSRF) in usememos/memos

2023-09-1805:46:44

CWE-352

@huntrdev

www.cve.org

cve-2023-5036

cross-site request forgery

github

memos

vulnerability

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

0.001 Low

EPSS

Percentile

24.3%

JSON

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.

CNA Affected

[
  {
    "vendor": "usememos",
    "product": "usememos/memos",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "0.15.1",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/usememos/memos/commit/97b434722cf0abe3cfcad5ac9e3d520233bf1536

huntr.dev/bounties/46881df7-eb41-4ce2-a78f-82de9bc4fc2d

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

0.001 Low

EPSS

Percentile

24.3%

JSON

Related for CVELIST:CVE-2023-5036