github.com/usememos/memos is vulnerable to improper access control. Access control bypass via insecure direct object references allows an attacker to perform actions on a user’s behalf, through Change Password
feature, resulting in account takeover.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/usememos/memos | le | v0.9.0 | |
github.com/usememos/memos | le | v0.9.0 |