Lucene search
Veracode Vulnerability DatabaseVERACODE:38720HistoryJan 02, 2023 - 2:41 p.m.
Information Disclosure
2023-01-0214:41:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
github
usememos
memos
information disclosure
vulnerability
attacker
private memo
public memo
view
data
patch request
0.001 Low
EPSS
Percentile
29.1%
github.com/usememos/memos is vulnerable to information disclosure. An attacker is able to make a private memo into a public memo in order to view it using the memo ID via making a PATCH request to /api/memo/ and view the memo data of the victim.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/usememos/memos | le | v0.9.0 | |
| github.com/usememos/memos | le | v0.9.0 |
Related
osv
osv
CVE-2022-4804
2022-12-28 14:15:10
usememos/memos Improper Authorization vulnerability
2022-12-28 15:30:45
cvelist
cvelist
CVE-2022-4804 Improper Authorization in usememos/memos
2022-12-28 00:00:00
cve
cve
CVE-2022-4804
2022-12-28 14:15:10
prion
prion
Authorization
2022-12-28 14:15:00
nvd
nvd
CVE-2022-4804
2022-12-28 14:15:10
huntr
huntr
Unauthorized Attacker Can Change Visibility Status of Victim's Memos
2022-12-26 06:56:03
github
github
usememos/memos Improper Authorization vulnerability
2022-12-28 15:30:45