Lucene search
GitHub Advisory DatabaseGHSA-W57V-6XP4-RM2VHistoryDec 23, 2022 - 12:30 p.m.
usememos/memos vulnerable to account takeover due to improper access control
2022-12-2312:30:25
CWE-284
GitHub Advisory Database
github.com
17
usememos/memos
access control
account takeover
http request
vulnerability
software
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
37.0%
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Versions prior to 0.9.0 improperly maintain access control allowing an attacker to take over an account by changing header values in the HTTP request.
Affected configurations
Node
usememosmemosRange<0.9.0
Related
osv
osv
CVE-2022-4689
2022-12-23 12:15:12
usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos
2024-08-21 16:03:59
usememos/memos vulnerable to account takeover due to improper access control
2022-12-23 12:30:25
cvelist
cvelist
CVE-2022-4689 Improper Access Control in usememos/memos
2022-12-23 00:00:00
nvd
nvd
CVE-2022-4689
2022-12-23 12:15:12
huntr
huntr
Account takeover via changing password
2022-12-19 18:31:03
prion
prion
Improper access control
2022-12-23 12:15:00
veracode
veracode
Improper Access Control
2023-01-02 17:04:02
cve
cve
CVE-2022-4689
2022-12-23 12:15:12
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
37.0%
Related for GHSA-W57V-6XP4-RM2V