Lucene search

GoogleOSV:CVE-2022-4814

HistoryDec 28, 2022 - 2:15 p.m.

CVE-2022-4814

2022-12-2814:15:11

Google

osv.dev

github repository

access control

usememos/memos

software

cve-2022-4814

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.3%

JSON

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.

CPENameOperatorVersion
memoseq0.8.0
memoseq0.8.2
memoseq0.5.0
memoseq0.7.2
memoseq0.6.1
memoseq0.8.1
memoseq0.4.3
memoseq0.4.1
memoseq0.7.0
memoseq0.4.2

Name	Operator	Version
memos	eq	0.8.0
memos	eq	0.8.2
memos	eq	0.5.0
memos	eq	0.7.2
memos	eq	0.6.1
memos	eq	0.8.1
memos	eq	0.4.3
memos	eq	0.4.1
memos	eq	0.7.0
memos	eq	0.4.2

Rows per page:

1-10 of 161

References

github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53

huntr.dev/bounties/e65b3458-c2e2-4c0b-9029-e3c9ee015ae4

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.3%

JSON

Related for OSV:CVE-2022-4814