EPSS Percentile: 37.0%
github.com/usememos/memos is vulnerable to improper access control. The vulnerability exists in multiple functions due to insecure direct object references, which allow an attacker to perform actions on a user’s behalf via the Change Password feature.
github.com/advisories/GHSA-qr52-59r6-49f4
github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9
github.com/usememos/memos/pull/831
huntr.dev/bounties/b66f2bdd-8b41-456c-bf65-92302c2e03b5