CVE-2022-4734 - OpenCVE

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Usememos	Memos

Configuration 1 [-]

cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/usememos/memos/commit/05b41804e33a34102f1f75bb2d69195dda6a1210	Patch Third Party Advisory
https://huntr.dev/bounties/4b4421dc-73af-4dec-884c-836f9732cb5b	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-12-25T00:00:00

Updated: 2023-07-18T15:25:34.082Z

Reserved: 2022-12-25T00:00:00

Link: CVE-2022-4734

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-12-27T15:15:12.767

Modified: 2023-07-21T19:24:53.017

Link: CVE-2022-4734

JSON object: View

Redhat Information

No data.

CWE

CWE-212

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", "versionEndExcluding": "0.9.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.\n\n"}, {"lang": "es", "value": "Eliminaci\u00f3n incorrecta de informaci\u00f3n confidencial antes del almacenamiento o transferencia en el repositorio de GitHub usememos/memos anteriores a 0.9.1.\n"}], "id": "CVE-2022-4734", "lastModified": "2023-07-21T19:24:53.017", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2022-12-27T15:15:12.767", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/usememos/memos/commit/05b41804e33a34102f1f75bb2d69195dda6a1210"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.dev/bounties/4b4421dc-73af-4dec-884c-836f9732cb5b"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-212"}], "source": "security@huntr.dev", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-212"}], "source": "nvd@nist.gov", "type": "Secondary"}]}