Lucene search

GitHub Advisory DatabaseGHSA-7QPW-2J9M-RW8C

HistoryDec 28, 2022 - 3:30 p.m.

usememos/memos has Insufficient Granularity of Access Control

2022-12-2815:30:46

CWE-1220

GitHub Advisory Database

github.com

access control

delete memo

software

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

20.3%

JSON

An Insufficient Granularity of Access Control in usememos/memos prior to 0.9.0 can allow an attacker to delete a memo from the archives.

Affected configurations

Vulners

Node

usememosmemosRange≤0.9.0

CPENameOperatorVersion
github.com/usememos/memosle0.9.0

CPE	Name	Operator	Version
	github.com/usememos/memos	le	0.9.0

References

github.com/advisories/GHSA-7qpw-2j9m-rw8c

github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53

huntr.dev/bounties/a24b45d8-554b-4131-8ce1-f33bf8cdbacc

nvd.nist.gov/vuln/detail/CVE-2022-4813

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

20.3%

JSON

Related for GHSA-7QPW-2J9M-RW8C