Lucene search
Veracode Vulnerability DatabaseVERACODE:38706HistoryJan 02, 2023 - 10:22 a.m.
Improper Access Control
2023-01-0210:22:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
improper access control
remote attacker
usernames modification
email addresses modification
account takeover
software
0.001 Low
EPSS
Percentile
34.8%
github.com/usememos/memos is vulnerable to improper access control. A remote attacker is able to modify the usernames and email addresses of other users and thereby take over their accounts via the vulnerable user endpoint.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/usememos/memos | le | v0.9.0 | |
| github.com/usememos/memos | le | v0.9.0 |
Related
cve
cve
CVE-2022-4809
2022-12-28 14:15:11
nvd
nvd
CVE-2022-4809
2022-12-28 14:15:11
osv
osv
usememos/memos Improper Access Control vulnerability
2022-12-28 15:30:46
CVE-2022-4809
2022-12-28 14:15:11
prion
prion
Improper access control
2022-12-28 14:15:00
github
github
usememos/memos Improper Access Control vulnerability
2022-12-28 15:30:46
huntr
huntr
Full account takeover
2022-12-23 12:09:14
cvelist
cvelist
CVE-2022-4809 Improper Access Control in usememos/memos
2022-12-28 00:00:00