github.com/usememos/memos is vulnerable to privilege escalation. Improper privilege management due to missing server-side validation on the role
parameter allows an attacker to add a new member with the HOST role with all the HOST users privileges.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/usememos/memos | le | v0.9.0 | |
github.com/usememos/memos | le | v0.9.0 |