CVE-2022-4689 – github.com/usememos/memos
Package
Manager: go
Name: github.com/usememos/memos
Vulnerable Version: >=0 <0.9.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00073 (percentile: 0.22756)
Details
usememos/memos vulnerable to account takeover due to improper access control
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Versions prior to 0.9.0 improperly maintain access control, allowing an attacker to take over an account by changing header values in the HTTP request.
Metadata
Created: 2022-12-23T12:30:25Z
Modified: 2023-01-02T20:15:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-w57v-6xp4-rm2v/GHSA-w57v-6xp4-rm2v.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-w57v-6xp4-rm2v
Finding: F039
Auto approve: 1