Lucene search

GitHub Advisory DatabaseGHSA-VH43-CC6X-PRPR

HistoryDec 29, 2022 - 6:30 p.m.

usememos/memos vulnerable to Improper Verification of Source of a Communication Channel

2022-12-2918:30:24

CWE-940

GitHub Advisory Database

github.com

github

communication channel

security vulnerability

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

21.9%

JSON

Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos 0.9.0 and prior.

Affected configurations

Vulners

Node

usememosmemosRange≤0.9.0

VendorProductVersionCPE
usememosmemos*cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
usememos	memos	*	cpe:2.3:a:usememos:memos::::::::

References

github.com/advisories/GHSA-vh43-cc6x-prpr

github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948

huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc

nvd.nist.gov/vuln/detail/CVE-2022-4848

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

21.9%

JSON

Related for GHSA-VH43-CC6X-PRPR