CVE-2022-4811 - OpenCVE

Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Usememos	Memos

Configuration 1 [-]

cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53	Patch Third Party Advisory
https://huntr.dev/bounties/e907b754-4f33-46b6-9dd2-0d2223cb060c	Exploit Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-12-28T00:00:00

Updated: 2023-07-18T15:24:51.892Z

Reserved: 2022-12-28T00:00:00

Link: CVE-2022-4811

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-12-28T14:15:11.363

Modified: 2023-07-21T19:24:45.970

Link: CVE-2022-4811

JSON object: View

Redhat Information

No data.

CWE

CWE-639

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", "versionEndExcluding": "0.9.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en usememos usememos/memos. Este problema afecta a usememos/memos anteriores a 0.9.1."}], "id": "CVE-2022-4811", "lastModified": "2023-07-21T19:24:45.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2022-12-28T14:15:11.363", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/e907b754-4f33-46b6-9dd2-0d2223cb060c"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security@huntr.dev", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Secondary"}]}