Lucene search
SamsamuraiB0795261-0F97-4F0B-BE44-9DC079E01593HistoryDec 24, 2022 - 7:18 a.m.
Archive any post (public / private) using IDOR
2022-12-2407:18:58
samsamurai
www.huntr.dev
7
idor
archive
intercept
proof of concept
bug bounty
EPSS
0.001
Percentile
30.4%
Description
It was observed that we can archive any users post using archive option by changing the post id.
1> Created user with lolwa username.
2> Posted a post and identified it’s post id 1007.
3> Now get the post id from demo user i.e 1006.
4> Now click on archive for post id 1007 from user lolwa.
5> Intercept the request and changed the post id 1007 to 1006 (1006 is post id from demo user).
6> it was observed that i can archive any users post by changing the post id.
Proof of Concept
https://drive.google.com/drive/folders/1If4VFFxHecgKPOy8K1mBoVNTzyvib_nW?usp=share_link
Related
cve
cve
CVE-2022-4801
2022-12-28 14:15:10
osv
osv
usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos
2024-08-21 16:04:01
CVE-2022-4801
2022-12-28 14:15:10
usememos/memos has Insufficient Granularity of Access Control
2022-12-28 15:30:45
veracode
veracode
Improper Access Control
2023-01-02 12:24:05
cvelist
cvelist
CVE-2022-4801 Insufficient Granularity of Access Control in usememos/memos
2022-12-28 00:00:00
prion
prion
Authorization
2022-12-28 14:15:00
github
github
usememos/memos has Insufficient Granularity of Access Control
2022-12-28 15:30:45
nvd
nvd
CVE-2022-4801
2022-12-28 14:15:10