Lucene search

GoogleOSV:GHSA-7QPW-2J9M-RW8C

HistoryDec 28, 2022 - 3:30 p.m.

usememos/memos has Insufficient Granularity of Access Control

2022-12-2815:30:46

Google

osv.dev

insufficient granularity

access control

attack

deletion

archives

software

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

20.3%

JSON

An Insufficient Granularity of Access Control in usememos/memos prior to 0.9.0 can allow an attacker to delete a memo from the archives.

CPENameOperatorVersion
github.com/usememos/memoslt0.9.1

CPE	Name	Operator	Version
	github.com/usememos/memos	lt	0.9.1

References

github.com/usememos/memos

github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53

huntr.dev/bounties/a24b45d8-554b-4131-8ce1-f33bf8cdbacc

nvd.nist.gov/vuln/detail/CVE-2022-4813

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

20.3%

JSON

Related for OSV:GHSA-7QPW-2J9M-RW8C