Lucene search
Veracode Vulnerability DatabaseVERACODE:43155HistorySep 05, 2023 - 2:47 p.m.
Privilege Escalation
2023-09-0514:47:07
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
privilege escalation
jwt.go
github.com/usememos/memos
jwtmiddleware
admin privileges
private post
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
37.1%
github.com/usememos/memos is vulnerable to Privilege Escalation. The vulnerability exists in JWTMiddleware function at jwt.go due to improper admin privileges which allows an attacker to view high privilege user Admin PRIVATE POST.
Related
huntr
huntr
osv
osv
CVE-2023-4697
2023-09-01 01:15:09
usememos/memos vulnerable to privilege escalation
2023-09-01 03:30:14
cvelist
cvelist
CVE-2023-4697 Improper Privilege Management in usememos/memos
2023-09-01 00:00:20
prion
prion
Input validation
2023-09-01 01:15:00
github
github
usememos/memos vulnerable to privilege escalation
2023-09-01 03:30:14
cve
cve
CVE-2023-4697
2023-09-01 01:15:09
nvd
nvd
CVE-2023-4697
2023-09-01 01:15:09
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
37.1%
Related for VERACODE:43155