Vulnerabilities related to usememos - memos
cve-2022-4609
Vulnerability from cvelistv5
Published
2022-12-19 00:00
Modified
2024-08-03 01:41
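Severity: 7.6 HIGH (CVSS 3.0, assigned by the CNA @huntrdev), vector CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H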
EPSS score ?
Summary
Stored cross-site scripting (XSS) in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | Version: unspecified < 0.9.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:41:45.634Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/5b3115c5-776c-43d3-a7be-c8dc13ab81ce", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/726285e63467820f94cbf872abe71025a161c212", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-19T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/5b3115c5-776c-43d3-a7be-c8dc13ab81ce", }, { url: "https://github.com/usememos/memos/commit/726285e63467820f94cbf872abe71025a161c212", }, ], source: { advisory: "5b3115c5-776c-43d3-a7be-c8dc13ab81ce", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4609", datePublished: "2022-12-19T00:00:00", dateReserved: "2022-12-19T00:00:00", dateUpdated: 
"2024-08-03T01:41:45.634Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4734
Vulnerability from cvelistv5
Published
2022-12-25 00:00
Modified
2024-08-03 01:48
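Severity: 8.1 HIGH (CVSS 3.1, assigned by the CNA @huntrdev), vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H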
EPSS score ?
Summary
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | Version: unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.430Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/4b4421dc-73af-4dec-884c-836f9732cb5b", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/05b41804e33a34102f1f75bb2d69195dda6a1210", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.</p>", }, ], value: "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-212", description: "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-18T15:25:34.082Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/4b4421dc-73af-4dec-884c-836f9732cb5b", }, { url: "https://github.com/usememos/memos/commit/05b41804e33a34102f1f75bb2d69195dda6a1210", }, ], source: { advisory: 
"4b4421dc-73af-4dec-884c-836f9732cb5b", discovery: "EXTERNAL", }, title: "Improper Removal of Sensitive Information Before Storage or Transfer in usememos/memos", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4734", datePublished: "2022-12-25T00:00:00", dateReserved: "2022-12-25T00:00:00", dateUpdated: "2024-08-03T01:48:40.430Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4851
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
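Severity: 9.8 CRITICAL (CVSS 3.0, assigned by the CNA @huntrdev), vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H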
EPSS score ?
Summary
Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | Version: unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.888Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/e3cebc1a-1326-4a08-abad-0414a717fa0f", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-229", description: "CWE-229 Improper Handling of Values", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/e3cebc1a-1326-4a08-abad-0414a717fa0f", }, ], source: { advisory: "e3cebc1a-1326-4a08-abad-0414a717fa0f", discovery: "EXTERNAL", }, title: "Improper Handling of Values in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4851", datePublished: "2022-12-29T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: "2024-08-03T01:55:45.888Z", state: "PUBLISHED", }, dataType: 
"CVE_RECORD", dataVersion: "5.1", }
cve-2022-4845
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
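Severity: 6.7 MEDIUM (CVSS 3.0, assigned by the CNA @huntrdev), vector CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H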
EPSS score ?
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | Version: unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:46.139Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/075dbd51-b078-436c-9e3d-7f25cd2e7e1b", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { url: "https://huntr.dev/bounties/075dbd51-b078-436c-9e3d-7f25cd2e7e1b", }, ], source: { advisory: "075dbd51-b078-436c-9e3d-7f25cd2e7e1b", discovery: "EXTERNAL", }, title: "Cross-Site Request Forgery (CSRF) in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4845", datePublished: "2022-12-29T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: "2024-08-03T01:55:46.139Z", state: "PUBLISHED", }, 
dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4689
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
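Severity: 8.3 HIGH (CVSS 3.0, assigned by the CNA @huntrdev), vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L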
EPSS score ?
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | Version: unspecified < 0.9.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:39.847Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/a78c4326-6e7b-47fe-aa82-461e5c12a4e3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { url: "https://huntr.dev/bounties/a78c4326-6e7b-47fe-aa82-461e5c12a4e3", }, ], source: { advisory: "a78c4326-6e7b-47fe-aa82-461e5c12a4e3", discovery: "EXTERNAL", }, title: "Improper Access Control in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4689", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: "2024-08-03T01:48:39.847Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2022-4796
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
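Severity: 8.1 HIGH (CVSS 3.0, assigned by the CNA @huntrdev), vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N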
EPSS score ?
Summary
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | Version: unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.492Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/efe8001b-1d6a-41af-a64c-736705cc66a6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-648", description: "CWE-648 Incorrect Use of Privileged APIs", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/efe8001b-1d6a-41af-a64c-736705cc66a6", }, ], source: { advisory: "efe8001b-1d6a-41af-a64c-736705cc66a6", discovery: "EXTERNAL", }, title: "Incorrect Use of Privileged APIs in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4796", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.492Z", state: "PUBLISHED", }, dataType: 
"CVE_RECORD", dataVersion: "5.1", }
cve-2022-4808
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
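Severity: 4.2 MEDIUM (CVSS 3.0, assigned by the CNA @huntrdev), vector CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L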
EPSS score ?
Summary
Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | Version: unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.438Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/11877cbf-fcaf-42ef-813e-502c7293f2b5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/11877cbf-fcaf-42ef-813e-502c7293f2b5", }, ], source: { advisory: "11877cbf-fcaf-42ef-813e-502c7293f2b5", discovery: "EXTERNAL", }, title: "Improper Privilege Management in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4808", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.438Z", state: "PUBLISHED", }, dataType: 
"CVE_RECORD", dataVersion: "5.1", }
cve-2022-4767
Vulnerability from cvelistv5
Published
2022-12-27 00:00
Modified
2024-08-03 01:48
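Severity: 7.6 HIGH (CVSS 3.0, assigned by the CNA @huntrdev), vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H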
EPSS score ?
Summary
Denial of Service in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | Version: unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.396Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/75b4a085-923c-4ecc-bbf6-e049290db502", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/f888c628408501daf639de07b90a72ab443b0f4c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Denial of Service in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-27T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/75b4a085-923c-4ecc-bbf6-e049290db502", }, { url: "https://github.com/usememos/memos/commit/f888c628408501daf639de07b90a72ab443b0f4c", }, ], source: { advisory: "75b4a085-923c-4ecc-bbf6-e049290db502", discovery: "EXTERNAL", }, title: "Denial of Service in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4767", datePublished: "2022-12-27T00:00:00", dateReserved: "2022-12-27T00:00:00", dateUpdated: "2024-08-03T01:48:40.396Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2022-4687
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
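Severity: 8.1 HIGH (CVSS 3.0, assigned by the CNA @huntrdev), vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N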
EPSS score ?
Summary
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | Version: unspecified < 0.9.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.025Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/b908377f-a61b-432c-8e6a-c7498da69788", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-648", description: "CWE-648 Incorrect Use of Privileged APIs", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { url: "https://huntr.dev/bounties/b908377f-a61b-432c-8e6a-c7498da69788", }, ], source: { advisory: "b908377f-a61b-432c-8e6a-c7498da69788", discovery: "EXTERNAL", }, title: "Incorrect Use of Privileged APIs in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4687", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: "2024-08-03T01:48:40.025Z", state: "PUBLISHED", }, dataType: 
"CVE_RECORD", dataVersion: "5.1", }
cve-2022-4846
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
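Severity: 6.3 MEDIUM (CVSS 3.0, assigned by the CNA @huntrdev), vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L. Note: the vector sets UI:N, whereas CSRF normally depends on a victim's browser issuing the request; check the score against the linked advisory before using it for prioritisation.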
EPSS score ?
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | Version: unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.654Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/38c685fc-7065-472d-a46e-e26bf0b556d3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { url: "https://huntr.dev/bounties/38c685fc-7065-472d-a46e-e26bf0b556d3", }, ], source: { advisory: "38c685fc-7065-472d-a46e-e26bf0b556d3", discovery: "EXTERNAL", }, title: "Cross-Site Request Forgery (CSRF) in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4846", datePublished: "2022-12-29T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: "2024-08-03T01:55:45.654Z", state: "PUBLISHED", }, 
dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4813
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
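Severity: 8.6 HIGH (CVSS 3.0, assigned by the CNA @huntrdev), vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L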
EPSS score ?
Summary
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | Version: unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.413Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/a24b45d8-554b-4131-8ce1-f33bf8cdbacc", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1220", description: "CWE-1220 Insufficient Granularity of Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/a24b45d8-554b-4131-8ce1-f33bf8cdbacc", }, ], source: { advisory: "a24b45d8-554b-4131-8ce1-f33bf8cdbacc", discovery: "EXTERNAL", }, title: "Insufficient Granularity of Access Control in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4813", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.413Z", 
state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4844
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
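Severity: 6.5 MEDIUM (CVSS 3.0, assigned by the CNA @huntrdev), vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N. Note: the vector sets PR:N and UI:N, whereas CSRF normally depends on a logged-in victim's browser issuing the request; check the score against the linked advisory before using it for prioritisation.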
EPSS score ?
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | Version: unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.717Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/8e8df1f4-07ab-4b75-aec8-75b1229e93a3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { url: "https://huntr.dev/bounties/8e8df1f4-07ab-4b75-aec8-75b1229e93a3", }, ], source: { advisory: "8e8df1f4-07ab-4b75-aec8-75b1229e93a3", discovery: "EXTERNAL", }, title: "Cross-Site Request Forgery (CSRF) in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4844", datePublished: "2022-12-29T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: "2024-08-03T01:55:45.717Z", state: "PUBLISHED", }, 
dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4840
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
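Severity: 7.6 HIGH (CVSS 3.0, assigned by the CNA @huntrdev), vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H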
EPSS score ?
Summary
Stored cross-site scripting (XSS) in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | Version: unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.717Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/b42aa2e9-c783-464c-915c-a80cb464ee01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8", }, { url: "https://huntr.dev/bounties/b42aa2e9-c783-464c-915c-a80cb464ee01", }, ], source: { advisory: "b42aa2e9-c783-464c-915c-a80cb464ee01", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4840", datePublished: "2022-12-29T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: 
"2024-08-03T01:55:45.717Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4698
Vulnerability from cvelistv5
Published
2023-09-01 00:00
Modified
2024-09-30 20:22
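Severity: 7.5 HIGH (CVSS 3.0, assigned by the CNA @huntrdev), vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. CISA ADP SSVC (2024-09-30): Exploitation poc, Automatable yes, Technical Impact partial.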
EPSS score ?
Summary
Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | Version: unspecified < 0.13.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:37:59.324Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/e1107d79-1d63-4238-90b7-5cc150512654", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-4698", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T20:22:04.714868Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T20:22:15.819Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.13.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-01T00:00:20.059Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/e1107d79-1d63-4238-90b7-5cc150512654", }, { url: "https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd", }, 
], source: { advisory: "e1107d79-1d63-4238-90b7-5cc150512654", discovery: "EXTERNAL", }, title: "Improper Input Validation in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-4698", datePublished: "2023-09-01T00:00:20.059Z", dateReserved: "2023-09-01T00:00:09.810Z", dateUpdated: "2024-09-30T20:22:15.819Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0109
Vulnerability from cvelistv5
Published
2024-11-15 10:57
Modified
2024-11-15 20:56
Summary
A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. The issue has been fixed in version 0.10.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | Version: unspecified < 0.10.0
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "memos", vendor: "usememos", versions: [ { lessThan: "0.10.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-0109", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-15T20:55:45.535755Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T20:56:59.319Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.10.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. 
The issue has been fixed in version 0.10.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-15T10:57:21.900Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/1899ffb2-ce1e-4dc0-af96-972612190f6e", }, { url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, ], source: { advisory: "1899ffb2-ce1e-4dc0-af96-972612190f6e", discovery: "EXTERNAL", }, title: "Stored XSS in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2023-0109", datePublished: "2024-11-15T10:57:21.900Z", dateReserved: "2023-01-07T02:52:45.260Z", dateUpdated: "2024-11-15T20:56:59.319Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4839
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | Version: unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.256Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/ad954cab-f026-4895-8003-99f5e3b507ed", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8", }, { url: "https://huntr.dev/bounties/ad954cab-f026-4895-8003-99f5e3b507ed", }, ], source: { advisory: "ad954cab-f026-4895-8003-99f5e3b507ed", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4839", datePublished: "2022-12-29T00:00:00", dateReserved: "2022-12-29T00:00:00", 
dateUpdated: "2024-08-03T01:55:45.256Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4800
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | Version: unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.439Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/aa45a6eb-cc38-45e5-a301-221ef43c0ef8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-940", description: "CWE-940 Improper Verification of Source of a Communication Channel", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/aa45a6eb-cc38-45e5-a301-221ef43c0ef8", }, ], source: { advisory: "aa45a6eb-cc38-45e5-a301-221ef43c0ef8", discovery: "EXTERNAL", }, title: "Improper Verification of Source of a Communication Channel in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4800", datePublished: "2022-12-28T00:00:00", dateReserved: 
"2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.439Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29030
Vulnerability from cvelistv5
Published
2024-04-19 15:13
Modified
2024-08-02 01:03
Summary
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:memos:memos:0.13.2:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "memos", vendor: "memos", versions: [ { status: "affected", version: "0.13.2", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-29030", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-23T19:28:06.897220Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:56:52.117Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.583Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/", }, { name: "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5", }, { name: "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/resource.go#L83", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/resource.go#L83", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "memos", vendor: "usememos", versions: [ { status: "affected", version: "< 0.22.0", }, ], }, ], descriptions: [ { lang: "en", value: "memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. 
Version 0.22.0 of memos removes the vulnerable file.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918: Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-31T20:27:25.535Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/", tags: [ "x_refsource_CONFIRM", ], url: "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/", }, { name: "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5", tags: [ "x_refsource_MISC", ], url: "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5", }, { name: "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/resource.go#L83", tags: [ "x_refsource_MISC", ], url: "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/resource.go#L83", }, ], source: { advisory: "GHSA-65fm-2jgr-j7qq", discovery: "UNKNOWN", }, title: "memos vulnerable to an SSRF in /api/resource", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-29030", datePublished: "2024-04-19T15:13:59.762Z", dateReserved: "2024-03-14T16:59:47.612Z", dateUpdated: "2024-08-02T01:03:51.583Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4850
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | Version: unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.883Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/46dc4728-eacc-43f5-9831-c203fdbcc346", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { url: "https://huntr.dev/bounties/46dc4728-eacc-43f5-9831-c203fdbcc346", }, ], source: { advisory: "46dc4728-eacc-43f5-9831-c203fdbcc346", discovery: "EXTERNAL", }, title: "Cross-Site Request Forgery (CSRF) in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4850", datePublished: "2022-12-29T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: "2024-08-03T01:55:45.883Z", state: "PUBLISHED", }, 
dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-41659
Vulnerability from cvelistv5
Published
2024-08-20 19:54
Modified
2025-01-09 19:15
Summary
memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker to read private information or make privileged changes to the system as the vulnerable user account. This vulnerability is fixed in 0.21.0.
References
URL | Tags
---|---
https://securitylab.github.com/advisories/GHSL-2024-034_memos/ | x_refsource_CONFIRM
https://github.com/usememos/memos/commit/8101a5e0b162044c16385bee4f12a4a653d050b9 | x_refsource_MISC
https://github.com/usememos/memos/blob/v0.20.1/server/server.go#L163 | x_refsource_MISC
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:usememos:memos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "memos", vendor: "usememos", versions: [ { lessThanOrEqual: "0.20.1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-41659", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-21T13:24:07.900591Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-09T19:15:30.589Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "memos", vendor: "usememos", versions: [ { status: "affected", version: "< 0.21.0", }, ], }, ], descriptions: [ { lang: "en", value: "memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker to read private information or make privileged changes to the system as the vulnerable user account. 
This vulnerability is fixed in 0.21.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-942", description: "CWE-942: Permissive Cross-domain Policy with Untrusted Domains", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-22T15:27:22.743Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://securitylab.github.com/advisories/GHSL-2024-034_memos/", tags: [ "x_refsource_CONFIRM", ], url: "https://securitylab.github.com/advisories/GHSL-2024-034_memos/", }, { name: "https://github.com/usememos/memos/commit/8101a5e0b162044c16385bee4f12a4a653d050b9", tags: [ "x_refsource_MISC", ], url: "https://github.com/usememos/memos/commit/8101a5e0b162044c16385bee4f12a4a653d050b9", }, { name: "https://github.com/usememos/memos/blob/v0.20.1/server/server.go#L163", tags: [ "x_refsource_MISC", ], url: "https://github.com/usememos/memos/blob/v0.20.1/server/server.go#L163", }, ], source: { advisory: "GHSA-p4fx-qf2h-jpmj", discovery: "UNKNOWN", }, title: "GHSL-2024-034: memos CORS Misconfiguration in server.go", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-41659", datePublished: "2024-08-20T19:54:08.182Z", dateReserved: "2024-07-18T15:21:47.482Z", dateUpdated: "2025-01-09T19:15:30.589Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4802
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | Version: unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.475Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/d47d4a94-92e3-4400-b012-a8577cbd7956", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-02T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/d47d4a94-92e3-4400-b012-a8577cbd7956", }, ], source: { advisory: "d47d4a94-92e3-4400-b012-a8577cbd7956", discovery: "EXTERNAL", }, title: "Authorization Bypass Through User-Controlled Key in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4802", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: 
"2024-08-03T01:48:40.475Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4686
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | Version: unspecified < 0.9.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.364Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/caa0b22c-501f-44eb-af65-65c315cd1637", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-27T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { url: "https://huntr.dev/bounties/caa0b22c-501f-44eb-af65-65c315cd1637", }, ], source: { advisory: "caa0b22c-501f-44eb-af65-65c315cd1637", discovery: "EXTERNAL", }, title: "Authorization Bypass Through User-Controlled Key in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4686", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: 
"2024-08-03T01:48:40.364Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4688
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Summary
Improper Authorization in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | Version: unspecified < 0.9.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.415Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/23856e7e-94ff-4dee-97d0-0cd47e9b8ff6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Authorization in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285 Improper Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { url: "https://huntr.dev/bounties/23856e7e-94ff-4dee-97d0-0cd47e9b8ff6", }, ], source: { advisory: "23856e7e-94ff-4dee-97d0-0cd47e9b8ff6", discovery: "EXTERNAL", }, title: "Improper Authorization in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4688", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: "2024-08-03T01:48:40.415Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2022-4803
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | Version: unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.614Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/0fba72b9-db10-4d9f-a707-2acf2004a286", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-02T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/0fba72b9-db10-4d9f-a707-2acf2004a286", }, ], source: { advisory: "0fba72b9-db10-4d9f-a707-2acf2004a286", discovery: "EXTERNAL", }, title: "Authorization Bypass Through User-Controlled Key in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4803", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: 
"2024-08-03T01:48:40.614Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4684
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | Version: unspecified < 0.9.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:39.536Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/b66f2bdd-8b41-456c-bf65-92302c2e03b5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { url: "https://huntr.dev/bounties/b66f2bdd-8b41-456c-bf65-92302c2e03b5", }, ], source: { advisory: "b66f2bdd-8b41-456c-bf65-92302c2e03b5", discovery: "EXTERNAL", }, title: "Improper Access Control in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4684", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: "2024-08-03T01:48:39.536Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2022-4799
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Severity
8.6 HIGH (CNA @huntrdev; CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
EPSS score ?
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
usememos | usememos/memos |
Version: unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.527Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/c5d70f9d-b7a7-4418-9368-4566a8143e79", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-02T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/c5d70f9d-b7a7-4418-9368-4566a8143e79", }, ], source: { advisory: "c5d70f9d-b7a7-4418-9368-4566a8143e79", discovery: "EXTERNAL", }, title: "Authorization Bypass Through User-Controlled Key in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4799", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: 
"2024-08-03T01:48:40.527Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4865
Vulnerability from cvelistv5
Published
2022-12-31 00:00
Modified
2024-08-03 01:55
Severity
8.3 HIGH (CNA @huntrdev; CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L)
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
usememos | usememos/memos |
Version: unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.712Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/cd8765a2-bf28-4019-8647-882ccf63b2be", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-31T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc", }, { url: "https://huntr.dev/bounties/cd8765a2-bf28-4019-8647-882ccf63b2be", }, ], source: { advisory: "cd8765a2-bf28-4019-8647-882ccf63b2be", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4865", datePublished: "2022-12-31T00:00:00", dateReserved: "2022-12-31T00:00:00", dateUpdated: 
"2024-08-03T01:55:45.712Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4801
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Severity
8.2 HIGH (CNA @huntrdev; CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)
EPSS score ?
Summary
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
usememos | usememos/memos |
Version: unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.440Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/b0795261-0f97-4f0b-be44-9dc079e01593", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1220", description: "CWE-1220 Insufficient Granularity of Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/b0795261-0f97-4f0b-be44-9dc079e01593", }, ], source: { advisory: "b0795261-0f97-4f0b-be44-9dc079e01593", discovery: "EXTERNAL", }, title: "Insufficient Granularity of Access Control in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4801", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.440Z", 
state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4804
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Severity
8.2 HIGH (CNA @huntrdev; CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
EPSS score ?
Summary
Improper Authorization in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
usememos | usememos/memos |
Version: unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.506Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/4ee48a1e-6332-4d95-a360-9c392643c533", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Authorization in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285 Improper Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/4ee48a1e-6332-4d95-a360-9c392643c533", }, ], source: { advisory: "4ee48a1e-6332-4d95-a360-9c392643c533", discovery: "EXTERNAL", }, title: "Improper Authorization in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4804", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.506Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2022-4806
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Severity
8.2 HIGH (CNA @huntrdev; CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)
EPSS score ?
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
usememos | usememos/memos |
Version: unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.461Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/2c7101bc-e6d8-4cd0-9003-bc8d86f4e4be", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-02T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/2c7101bc-e6d8-4cd0-9003-bc8d86f4e4be", }, ], source: { advisory: "2c7101bc-e6d8-4cd0-9003-bc8d86f4e4be", discovery: "EXTERNAL", }, title: "Authorization Bypass Through User-Controlled Key in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4806", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: 
"2024-08-03T01:48:40.461Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4692
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Severity
7.1 HIGH (CNA @huntrdev; CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
usememos | usememos/memos |
Version: unspecified < 0.9.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.381Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/9d1ed6ea-f7a0-4561-9325-a2babef99c74", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82", }, { url: "https://huntr.dev/bounties/9d1ed6ea-f7a0-4561-9325-a2babef99c74", }, ], source: { advisory: "9d1ed6ea-f7a0-4561-9325-a2babef99c74", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4692", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: 
"2024-08-03T01:48:40.381Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4866
Vulnerability from cvelistv5
Published
2022-12-31 00:00
Modified
2024-08-03 01:55
Severity
9.8 CRITICAL (CNA @huntrdev; CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
usememos | usememos/memos |
Version: unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.997Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/39c04778-6228-4f07-bdd4-ab17f246dbff", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-31T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/39c04778-6228-4f07-bdd4-ab17f246dbff", }, { url: "https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc", }, ], source: { advisory: "39c04778-6228-4f07-bdd4-ab17f246dbff", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4866", datePublished: "2022-12-31T00:00:00", dateReserved: "2022-12-31T00:00:00", dateUpdated: 
"2024-08-03T01:55:45.997Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29028
Vulnerability from cvelistv5
Published
2024-04-19 15:14
Modified
2024-08-07 17:47
Severity
5.8 MEDIUM (CNA GitHub_M; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)
EPSS score ?
Summary
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta endpoint that allows unauthenticated users to enumerate the internal network and receive limited HTML values in JSON form. This vulnerability is fixed in 0.16.1.
References
▼ | URL | Tags |
---|---|---|
https://github.com/usememos/memos/commit/6ffc09d86a1302c384ef085aa70c7bddb3ce7ba9 | x_refsource_CONFIRM | |
https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.620Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/usememos/memos/commit/6ffc09d86a1302c384ef085aa70c7bddb3ce7ba9", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/usememos/memos/commit/6ffc09d86a1302c384ef085aa70c7bddb3ce7ba9", }, { name: "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "memos", vendor: "usememos", versions: [ { lessThan: "0.13.2", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-29028", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-25T18:14:44.647191Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-07T17:47:02.151Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "memos", vendor: "usememos", versions: [ { status: "affected", version: "< 0.16.1", }, ], }, ], descriptions: [ { lang: "en", value: "memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. 
This vulnerability is fixed in 0.16.1.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918: Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-19T15:20:19.205Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/usememos/memos/commit/6ffc09d86a1302c384ef085aa70c7bddb3ce7ba9", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/usememos/memos/commit/6ffc09d86a1302c384ef085aa70c7bddb3ce7ba9", }, { name: "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos", tags: [ "x_refsource_MISC", ], url: "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos", }, ], source: { advisory: "GHSA-6fcf-g3mp-xj2x", discovery: "UNKNOWN", }, title: "memos vulnerable to an SSRF in /o/get/httpmeta", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-29028", datePublished: "2024-04-19T15:14:02.607Z", dateReserved: "2024-03-14T16:59:47.612Z", dateUpdated: "2024-08-07T17:47:02.151Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4841
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
Severity
8.6 HIGH (CNA @huntrdev; CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
usememos | usememos/memos |
Version: unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.992Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/fa46b3ef-c621-443a-be3a-0a83fb78ba62", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/fa46b3ef-c621-443a-be3a-0a83fb78ba62", }, { url: "https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8", }, ], source: { advisory: "fa46b3ef-c621-443a-be3a-0a83fb78ba62", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4841", datePublished: "2022-12-29T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: 
"2024-08-03T01:55:45.992Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0108
Vulnerability from cvelistv5
Published
2023-01-07 00:00
Modified
2024-08-02 05:02
Severity
7.1 HIGH (CNA @huntrdev; CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
usememos | usememos/memos |
Version: unspecified < 0.10.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:02:43.573Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/f66d33df-6588-4ab4-80a0-847451517944", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.10.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-07T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { url: "https://huntr.dev/bounties/f66d33df-6588-4ab4-80a0-847451517944", }, ], source: { advisory: "f66d33df-6588-4ab4-80a0-847451517944", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0108", datePublished: "2023-01-07T00:00:00", dateReserved: "2023-01-07T00:00:00", dateUpdated: 
"2024-08-02T05:02:43.573Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0112
Vulnerability from cvelistv5
Published
2023-01-07 00:00
Modified
2024-08-02 05:02
Severity
7.6 HIGH (CNA @huntrdev; CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
usememos | usememos/memos |
Version: unspecified < 0.10.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:02:43.221Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/ec2a29dc-79a3-44bd-a58b-15f676934af6", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.10.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-07T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/ec2a29dc-79a3-44bd-a58b-15f676934af6", }, { url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, ], source: { advisory: "ec2a29dc-79a3-44bd-a58b-15f676934af6", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0112", datePublished: "2023-01-07T00:00:00", dateReserved: "2023-01-07T00:00:00", dateUpdated: 
"2024-08-02T05:02:43.221Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4848
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
Severity
8.6 HIGH (CNA @huntrdev; CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L)
EPSS score ?
Summary
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
usememos | usememos/memos |
Version: unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.290Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-940", description: "CWE-940 Improper Verification of Source of a Communication Channel", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { url: "https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc", }, ], source: { advisory: "25de88cc-8d0d-41a1-b069-9ef1327770bc", discovery: "EXTERNAL", }, title: "Improper Verification of Source of a Communication Channel in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4848", datePublished: "2022-12-29T00:00:00", dateReserved: 
"2022-12-29T00:00:00", dateUpdated: "2024-08-03T01:55:45.290Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0107
Vulnerability from cvelistv5
Published
2023-01-07 00:00
Modified
2024-08-02 05:02
Severity
6.5 MEDIUM (CNA @huntrdev; CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
usememos | usememos/memos |
Version: unspecified < 0.10.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:02:43.474Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/0b28fa57-acb0-47c8-ac48-962ff3898156", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.10.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-07T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7", }, { url: "https://huntr.dev/bounties/0b28fa57-acb0-47c8-ac48-962ff3898156", }, ], source: { advisory: "0b28fa57-acb0-47c8-ac48-962ff3898156", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0107", datePublished: "2023-01-07T00:00:00", dateReserved: "2023-01-07T00:00:00", dateUpdated: 
"2024-08-02T05:02:43.474Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4810
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Severity: 6.3 MEDIUM (CNA-assigned, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS score ?
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.530Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/f0c8d778-db86-4ed3-85bb-5315ab56915e", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/f0c8d778-db86-4ed3-85bb-5315ab56915e", }, ], source: { advisory: "f0c8d778-db86-4ed3-85bb-5315ab56915e", discovery: "EXTERNAL", }, title: "Improper Access Control in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4810", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.530Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2023-0111
Vulnerability from cvelistv5
Published
2023-01-07 00:00
Modified
2024-08-02 05:02
Severity: 5.4 MEDIUM (CNA-assigned, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.10.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:02:43.629Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/70da256c-977a-487e-8a6a-9ae22caedbe3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.10.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-07T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { url: "https://huntr.dev/bounties/70da256c-977a-487e-8a6a-9ae22caedbe3", }, ], source: { advisory: "70da256c-977a-487e-8a6a-9ae22caedbe3", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0111", datePublished: "2023-01-07T00:00:00", dateReserved: "2023-01-07T00:00:00", 
dateUpdated: "2024-08-02T05:02:43.629Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4694
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Severity: 5.7 MEDIUM (CNA-assigned, CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.9.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:39.517Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/a4d865c2-1a2b-4e3a-aaae-915b0dfc3f22", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/a4d865c2-1a2b-4e3a-aaae-915b0dfc3f22", }, { url: "https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e", }, ], source: { advisory: "a4d865c2-1a2b-4e3a-aaae-915b0dfc3f22", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4694", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: 
"2024-08-03T01:48:39.517Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4805
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Severity: 7.3 HIGH (CNA-assigned, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS score ?
Summary
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.425Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/b03f6a9b-e49b-42d6-a318-1d7afd985873", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-648", description: "CWE-648 Incorrect Use of Privileged APIs", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/b03f6a9b-e49b-42d6-a318-1d7afd985873", }, ], source: { advisory: "b03f6a9b-e49b-42d6-a318-1d7afd985873", discovery: "EXTERNAL", }, title: "Incorrect Use of Privileged APIs in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4805", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.425Z", state: "PUBLISHED", }, dataType: 
"CVE_RECORD", dataVersion: "5.1", }
cve-2022-4814
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Severity: 8.6 HIGH (CNA-assigned, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L)
EPSS score ?
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.440Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/e65b3458-c2e2-4c0b-9029-e3c9ee015ae4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/e65b3458-c2e2-4c0b-9029-e3c9ee015ae4", }, ], source: { advisory: "e65b3458-c2e2-4c0b-9029-e3c9ee015ae4", discovery: "EXTERNAL", }, title: "Improper Access Control in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4814", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.440Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2022-4807
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Severity: 8.2 HIGH (CNA-assigned, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)
EPSS score ?
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.534Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/704c9ed7-2120-47ea-aaf0-5fdcbd492954", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/704c9ed7-2120-47ea-aaf0-5fdcbd492954", }, ], source: { advisory: "704c9ed7-2120-47ea-aaf0-5fdcbd492954", discovery: "EXTERNAL", }, title: "Improper Access Control in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4807", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.534Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2024-29029
Vulnerability from cvelistv5
Published
2024-04-19 15:14
Modified
2024-08-02 01:03
Severity: 6.1 MEDIUM (CNA-assigned, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
EPSS score ?
Summary
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the `/o/get/image` endpoint that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file. Note that the record's CNA container lists all versions before 0.22.0 as affected, while the CISA ADP container lists only 0.13.2.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:memos:memos:0.13.2:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "memos", vendor: "memos", versions: [ { status: "affected", version: "0.13.2", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-29029", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-19T18:15:39.463794Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:58:18.206Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.649Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/", }, { name: "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5", }, { name: "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "memos", vendor: "usememos", versions: [ { status: "affected", version: "< 0.22.0", }, ], }, ], descriptions: [ { lang: "en", value: "memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. 
The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918: Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-31T20:27:52.422Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/", tags: [ "x_refsource_CONFIRM", ], url: "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/", }, { name: "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5", tags: [ "x_refsource_MISC", ], url: "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5", }, { name: "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29", tags: [ "x_refsource_MISC", ], url: "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29", }, ], source: { advisory: "GHSA-9cqm-mgv9-vv9j", discovery: "UNKNOWN", }, title: "memos vulnerable to an SSRF in /o/get/image", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-29029", 
datePublished: "2024-04-19T15:14:09.993Z", dateReserved: "2024-03-14T16:59:47.612Z", dateUpdated: "2024-08-02T01:03:51.649Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-5036
Vulnerability from cvelistv5
Published
2023-09-18 05:46
Modified
2024-09-25 14:06
Severity: 7.3 HIGH (CNA-assigned, CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L)
EPSS score ?
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.15.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:44:53.611Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/46881df7-eb41-4ce2-a78f-82de9bc4fc2d", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/97b434722cf0abe3cfcad5ac9e3d520233bf1536", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "memos", vendor: "usememos", versions: [ { lessThan: "0.15.1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-5036", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-25T13:59:00.783440Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-25T14:06:54.622Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.15.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-18T05:46:44.541Z", orgId: 
"c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/46881df7-eb41-4ce2-a78f-82de9bc4fc2d", }, { url: "https://github.com/usememos/memos/commit/97b434722cf0abe3cfcad5ac9e3d520233bf1536", }, ], source: { advisory: "46881df7-eb41-4ce2-a78f-82de9bc4fc2d", discovery: "EXTERNAL", }, title: "Cross-Site Request Forgery (CSRF) in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-5036", datePublished: "2023-09-18T05:46:44.541Z", dateReserved: "2023-09-18T05:46:34.513Z", dateUpdated: "2024-09-25T14:06:54.622Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4691
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Severity: 8.3 HIGH (CNA-assigned, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H)
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.9.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:39.640Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/459b55c1-22f5-4556-9cda-9b86aa91582f", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82", }, { url: "https://huntr.dev/bounties/459b55c1-22f5-4556-9cda-9b86aa91582f", }, ], source: { advisory: "459b55c1-22f5-4556-9cda-9b86aa91582f", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4691", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: 
"2024-08-03T01:48:39.640Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4863
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 01:55
Severity: 8.4 HIGH (CNA-assigned, CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score ?
Summary
Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:46.067Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/42751929-e511-49a9-888d-d5b610da2a45", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-280", description: "CWE-280 Improper Handling of Insufficient Permissions or Privileges ", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-30T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/42751929-e511-49a9-888d-d5b610da2a45", }, ], source: { advisory: "42751929-e511-49a9-888d-d5b610da2a45", discovery: "EXTERNAL", }, title: "Improper Handling of Insufficient Permissions or Privileges in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4863", datePublished: "2022-12-30T00:00:00", dateReserved: 
"2022-12-30T00:00:00", dateUpdated: "2024-08-03T01:55:46.067Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4847
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
Severity: 8.3 HIGH (CNA-assigned, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H)
EPSS score ?
Summary
Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.947Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/ff6d4b5a-5e75-4a14-b5ce-f318f8613b73", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-941", description: "CWE-941 Incorrectly Specified Destination in a Communication Channel", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/ff6d4b5a-5e75-4a14-b5ce-f318f8613b73", }, { url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, ], source: { advisory: "ff6d4b5a-5e75-4a14-b5ce-f318f8613b73", discovery: "EXTERNAL", }, title: "Incorrectly Specified Destination in a Communication Channel in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4847", datePublished: "2022-12-29T00:00:00", dateReserved: 
"2022-12-29T00:00:00", dateUpdated: "2024-08-03T01:55:45.947Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4849
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
Severity: 8.3 HIGH (CNA-assigned, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L)
EPSS score ?
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.948Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/404ce7dd-f345-4d98-ad80-c53ac74f4e5c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { url: "https://huntr.dev/bounties/404ce7dd-f345-4d98-ad80-c53ac74f4e5c", }, ], source: { advisory: "404ce7dd-f345-4d98-ad80-c53ac74f4e5c", discovery: "EXTERNAL", }, title: "Cross-Site Request Forgery (CSRF) in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4849", datePublished: "2022-12-29T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: "2024-08-03T01:55:45.948Z", state: "PUBLISHED", }, 
dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4812
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Severity: 8.6 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L, scored by the CNA @huntrdev)
EPSS score ?
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.498Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/33924891-5c36-4b46-b417-98eaab688c4c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-02T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/33924891-5c36-4b46-b417-98eaab688c4c", }, ], source: { advisory: "33924891-5c36-4b46-b417-98eaab688c4c", discovery: "EXTERNAL", }, title: "Authorization Bypass Through User-Controlled Key in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4812", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: 
"2024-08-03T01:48:40.498Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4798
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Severity: 8.6 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L, scored by the CNA @huntrdev)
EPSS score ?
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.378Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/e12eed25-1a8e-4ee1-b846-2d4df1db2fae", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-02T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/e12eed25-1a8e-4ee1-b846-2d4df1db2fae", }, ], source: { advisory: "e12eed25-1a8e-4ee1-b846-2d4df1db2fae", discovery: "EXTERNAL", }, title: "Authorization Bypass Through User-Controlled Key in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4798", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: 
"2024-08-03T01:48:40.378Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-25978
Vulnerability from cvelistv5
Published
2023-02-15 05:00
Modified
2025-03-18 15:45
Severity: 5.4 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P, scored by the CNA snyk)
EPSS score ?
Summary
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | github.com/usememos/memos/server | ≥ 0 (all versions) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:56:36.499Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUSEMEMOSMEMOSSERVER-3319070", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/b11d2130a084385eb65c3761a3c841ebe9f81ae8", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/issues/1026", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-25978", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-18T15:44:54.764283Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T15:45:00.654Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "github.com/usememos/memos/server", vendor: "n/a", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", value: "Kahla", }, ], descriptions: [ { lang: "en", value: "All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme. 
\r\r", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Cross-site Scripting (XSS)", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-15T05:00:01.227Z", orgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730", shortName: "snyk", }, references: [ { url: "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUSEMEMOSMEMOSSERVER-3319070", }, { url: "https://github.com/usememos/memos/commit/b11d2130a084385eb65c3761a3c841ebe9f81ae8", }, { url: "https://github.com/usememos/memos/issues/1026", }, ], }, }, cveMetadata: { assignerOrgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730", assignerShortName: "snyk", cveId: "CVE-2022-25978", datePublished: "2023-02-15T05:00:01.227Z", dateReserved: "2022-02-24T11:58:27.023Z", dateUpdated: "2025-03-18T15:45:00.654Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4696
Vulnerability from cvelistv5
Published
2023-09-01 00:00
Modified
2024-09-30 20:23
Severity: 9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, scored by the CNA @huntrdev)
EPSS score ?
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.13.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:37:59.326Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/4747a485-77c3-4bb5-aab0-21253ef303ca", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-4696", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T20:22:53.572721Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T20:23:07.442Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.13.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-01T00:00:19.758Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/4747a485-77c3-4bb5-aab0-21253ef303ca", }, { url: "https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd", }, 
], source: { advisory: "4747a485-77c3-4bb5-aab0-21253ef303ca", discovery: "EXTERNAL", }, title: "Improper Access Control in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-4696", datePublished: "2023-09-01T00:00:19.758Z", dateReserved: "2023-09-01T00:00:07.332Z", dateUpdated: "2024-09-30T20:23:07.442Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4811
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Severity: 8.3 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L, scored by the CNA @huntrdev)
EPSS score ?
Summary
Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos. This issue affects usememos/memos before 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.670Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/e907b754-4f33-46b6-9dd2-0d2223cb060c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.<p>This issue affects usememos/memos before 0.9.1.</p>", }, ], value: "Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-18T15:24:51.892Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/e907b754-4f33-46b6-9dd2-0d2223cb060c", }, ], source: { advisory: 
"e907b754-4f33-46b6-9dd2-0d2223cb060c", discovery: "EXTERNAL", }, title: "Authorization Bypass Through User-Controlled Key in usememos/memos", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4811", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.670Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4809
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Severity: 8.3 HIGH (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L, scored by the CNA @huntrdev)
EPSS score ?
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.493Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/e46c5380-a590-40de-a8e5-79872ee0bb29", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/e46c5380-a590-40de-a8e5-79872ee0bb29", }, ], source: { advisory: "e46c5380-a590-40de-a8e5-79872ee0bb29", discovery: "EXTERNAL", }, title: "Improper Access Control in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4809", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.493Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2023-4697
Vulnerability from cvelistv5
Published
2023-09-01 00:00
Modified
2024-10-01 13:13
Severity: 8.8 HIGH (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, scored by the CNA @huntrdev)
EPSS score ?
Summary
Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.13.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:37:59.470Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/3ff3325a-1dcb-4da7-894d-81a9cf726d81", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-4697", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T13:12:56.315418Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-01T13:13:06.214Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.13.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-01T00:00:20.740Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/3ff3325a-1dcb-4da7-894d-81a9cf726d81", }, { url: 
"https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd", }, ], source: { advisory: "3ff3325a-1dcb-4da7-894d-81a9cf726d81", discovery: "EXTERNAL", }, title: "Improper Privilege Management in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-4697", datePublished: "2023-09-01T00:00:20.740Z", dateReserved: "2023-09-01T00:00:08.046Z", dateUpdated: "2024-10-01T13:13:06.214Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4690
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Severity: 7.1 HIGH (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N, scored by the CNA @huntrdev)
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.9.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:39.577Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/7e1be91d-3b13-4300-8af2-9bd9665ec335", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/7e1be91d-3b13-4300-8af2-9bd9665ec335", }, { url: "https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82", }, ], source: { advisory: "7e1be91d-3b13-4300-8af2-9bd9665ec335", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4690", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: 
"2024-08-03T01:48:39.577Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4797
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Severity: 9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, scored by the CNA @huntrdev)
EPSS score ?
Summary
Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.9.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.409Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/5233f76f-016b-4c65-b019-2c5d27802a1b", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-307", description: "CWE-307 Improper Restriction of Excessive Authentication Attempts", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/5233f76f-016b-4c65-b019-2c5d27802a1b", }, { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, ], source: { advisory: "5233f76f-016b-4c65-b019-2c5d27802a1b", discovery: "EXTERNAL", }, title: "Improper Restriction of Excessive Authentication Attempts in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4797", datePublished: "2022-12-28T00:00:00", dateReserved: 
"2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.409Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4695
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Severity: 7.6 HIGH (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H, scored by the CNA @huntrdev)
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.9.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.326Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/2559d548-b847-40fb-94d6-18c1ad58b789", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e", }, { url: "https://huntr.dev/bounties/2559d548-b847-40fb-94d6-18c1ad58b789", }, ], source: { advisory: "2559d548-b847-40fb-94d6-18c1ad58b789", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4695", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: 
"2024-08-03T01:48:40.326Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0110
Vulnerability from cvelistv5
Published
2023-01-07 00:00
Modified
2024-08-02 05:02
Severity: 7.1 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, scored by the CNA @huntrdev)
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.10.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:02:43.477Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/6e4a1961-dbca-46f6-ae21-c25a621e54a7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.10.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-07T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { url: "https://huntr.dev/bounties/6e4a1961-dbca-46f6-ae21-c25a621e54a7", }, ], source: { advisory: "6e4a1961-dbca-46f6-ae21-c25a621e54a7", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0110", datePublished: "2023-01-07T00:00:00", dateReserved: "2023-01-07T00:00:00", dateUpdated: 
"2024-08-02T05:02:43.477Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4683
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Severity: 4.3 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, scored by the CNA @huntrdev)
EPSS score ?
Summary
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.9.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:39.937Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/84973f6b-739a-4d7e-8757-fc58cbbaf6ef", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/7efa749c6628c75b19a912ca170529f5c293bb2e", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-614", description: "CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/84973f6b-739a-4d7e-8757-fc58cbbaf6ef", }, { url: "https://github.com/usememos/memos/commit/7efa749c6628c75b19a912ca170529f5c293bb2e", }, ], source: { advisory: "84973f6b-739a-4d7e-8757-fc58cbbaf6ef", discovery: "EXTERNAL", }, title: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4683", datePublished: "2022-12-23T00:00:00", dateReserved: 
"2022-12-23T00:00:00", dateUpdated: "2024-08-03T01:48:39.937Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0106
Vulnerability from cvelistv5
Published
2023-01-07 00:00
Modified
2024-08-02 05:02
Severity: 9.0 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H, scored by the CNA @huntrdev)
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| usememos | usememos/memos | unspecified < 0.10.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:02:43.439Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/5c0809cb-f4ff-4447-bed6-b5625fb374bb", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.10.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-07T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/5c0809cb-f4ff-4447-bed6-b5625fb374bb", }, { url: "https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7", }, ], source: { advisory: "5c0809cb-f4ff-4447-bed6-b5625fb374bb", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0106", datePublished: "2023-01-07T00:00:00", dateReserved: "2023-01-07T00:00:00", dateUpdated: 
"2024-08-02T05:02:43.439Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-09-18 06:15
Modified
2024-11-21 08:40
Severity ?
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "66064CC2-0DF2-4C80-A508-B0E961C260AF", versionEndExcluding: "0.15.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.", }, { lang: "es", value: "Cross-Site Request Forgery (CSRF) en usememos/memos del repositorio de GitHub anteriores a 0.15.1.", }, ], id: "CVE-2023-5036", lastModified: "2024-11-21T08:40:56.500", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.5, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-18T06:15:08.267", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/usememos/memos/commit/97b434722cf0abe3cfcad5ac9e3d520233bf1536", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/46881df7-eb41-4ce2-a78f-82de9bc4fc2d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: 
"https://github.com/usememos/memos/commit/97b434722cf0abe3cfcad5ac9e3d520233bf1536", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/46881df7-eb41-4ce2-a78f-82de9bc4fc2d", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-29 18:15
Modified
2024-11-21 07:36
Severity ?
Summary
Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/ff6d4b5a-5e75-4a14-b5ce-f318f8613b73 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/ff6d4b5a-5e75-4a14-b5ce-f318f8613b73 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Destino especificado incorrectamente en un canal de comunicación en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4847", lastModified: "2024-11-21T07:36:03.903", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.5, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-29T18:15:10.450", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/ff6d4b5a-5e75-4a14-b5ce-f318f8613b73", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/ff6d4b5a-5e75-4a14-b5ce-f318f8613b73", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-941", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-31 09:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/39c04778-6228-4f07-bdd4-ab17f246dbff | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/39c04778-6228-4f07-bdd4-ab17f246dbff | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Cross-site scripting (XSS) almacenado en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4866", lastModified: "2024-11-21T07:36:06.037", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-31T09:15:11.837", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/39c04778-6228-4f07-bdd4-ab17f246dbff", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/39c04778-6228-4f07-bdd4-ab17f246dbff", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-27 15:15
Modified
2024-11-21 07:35
Severity ?
Summary
Denial of Service in GitHub repository usememos/memos prior to 0.9.1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/f888c628408501daf639de07b90a72ab443b0f4c | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/75b4a085-923c-4ecc-bbf6-e049290db502 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/f888c628408501daf639de07b90a72ab443b0f4c | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/75b4a085-923c-4ecc-bbf6-e049290db502 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Denial of Service in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Denegación de servicio en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4767", lastModified: "2024-11-21T07:35:54.057", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 4.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-27T15:15:12.847", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/f888c628408501daf639de07b90a72ab443b0f4c", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/75b4a085-923c-4ecc-bbf6-e049290db502", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/f888c628408501daf639de07b90a72ab443b0f4c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/75b4a085-923c-4ecc-bbf6-e049290db502", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-29 18:15
Modified
2024-11-21 07:36
Severity ?
Summary
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Verificación inadecuada del origen de un canal de comunicación en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4848", lastModified: "2024-11-21T07:36:04.023", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-29T18:15:10.550", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: 
[ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-940", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
Severity ?
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/d47d4a94-92e3-4400-b012-a8577cbd7956 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/d47d4a94-92e3-4400-b012-a8577cbd7956 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Omisión de autorización a través de clave controlada por el usuario en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4802", lastModified: "2024-11-21T07:35:58.223", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:10.700", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/d47d4a94-92e3-4400-b012-a8577cbd7956", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/d47d4a94-92e3-4400-b012-a8577cbd7956", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-639", }, ], source: "security@huntr.dev", type: "Primary", }, { description: [ { lang: "en", value: "CWE-639", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-29 17:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/ad954cab-f026-4895-8003-99f5e3b507ed | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/ad954cab-f026-4895-8003-99f5e3b507ed | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Cross-Site Scripting (XSS) Almacenado en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4839", lastModified: "2024-11-21T07:36:02.903", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-29T17:15:21.247", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/ad954cab-f026-4895-8003-99f5e3b507ed", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], 
url: "https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/ad954cab-f026-4895-8003-99f5e3b507ed", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-07 04:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/f66d33df-6588-4ab4-80a0-847451517944 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/f66d33df-6588-4ab4-80a0-847451517944 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "460E8407-0D60-4523-BEED-804ACEED0C66", versionEndExcluding: "0.10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", }, { lang: "es", value: "Cross site scripting (XSS): almacenado en el repositorio de GitHub usememos/memos anteriores a 0.10.0.", }, ], id: "CVE-2023-0108", lastModified: "2024-11-21T07:36:34.097", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-07T04:15:08.240", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/f66d33df-6588-4ab4-80a0-847451517944", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/f66d33df-6588-4ab4-80a0-847451517944", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-19 16:15
Modified
2025-01-02 20:46
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image endpoint that allows unauthenticated users to enumerate the internal network and retrieve images. The response to that image request is then copied into the server's response to the current request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file. (The NVD configuration in this record marks every version before 0.22.0 as affected, not only 0.13.2.)
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "E8EB3231-6B7C-45F5-80C6-F71A853130C2", versionEndExcluding: "0.22.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file.", }, { lang: "es", value: "Memos es un servicio de toma de notas liviano y que prioriza la privacidad. En memos 0.13.2, existe una vulnerabilidad SSRF en /o/get/image que permite a usuarios no autenticados enumerar la red interna y recuperar imágenes. Luego, la respuesta de la solicitud de imagen se copia en la respuesta de la solicitud del servidor actual, lo que provoca una vulnerabilidad XSS reflejada.", }, ], id: "CVE-2024-29029", lastModified: "2025-01-02T20:46:24.867", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", 
version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-19T16:15:09.853", references: [ { source: "security-advisories@github.com", tags: [ "Product", ], url: "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, { lang: "en", value: "CWE-918", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, { lang: "en", value: "CWE-918", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-23 12:15
Modified
2024-11-21 07:35
Severity ?
Summary
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/7efa749c6628c75b19a912ca170529f5c293bb2e | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/84973f6b-739a-4d7e-8757-fc58cbbaf6ef | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/7efa749c6628c75b19a912ca170529f5c293bb2e | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/84973f6b-739a-4d7e-8757-fc58cbbaf6ef | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "9E9BB4B3-BBB1-406D-96EE-69114B828CF0", versionEndExcluding: "0.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.", }, { lang: "es", value: "Cookie confidencial en sesión HTTPS sin atributo 'Secure' en el repositorio de GitHub usememos/memos anteriores a 0.9.0.", }, ], id: "CVE-2022-4683", lastModified: "2024-11-21T07:35:43.680", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-23T12:15:08.627", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/7efa749c6628c75b19a912ca170529f5c293bb2e", }, { source: "security@huntr.dev", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/84973f6b-739a-4d7e-8757-fc58cbbaf6ef", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/7efa749c6628c75b19a912ca170529f5c293bb2e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/84973f6b-739a-4d7e-8757-fc58cbbaf6ef", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-614", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-311", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-29 18:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/075dbd51-b078-436c-9e3d-7f25cd2e7e1b | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/075dbd51-b078-436c-9e3d-7f25cd2e7e1b | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Cross-Site Request Forgery (CSRF) en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4845", lastModified: "2024-11-21T07:36:03.653", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.5, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-29T18:15:10.263", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/075dbd51-b078-436c-9e3d-7f25cd2e7e1b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/075dbd51-b078-436c-9e3d-7f25cd2e7e1b", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-23 12:15
Modified
2024-11-21 07:35
Severity ?
Summary
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/b908377f-a61b-432c-8e6a-c7498da69788 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/b908377f-a61b-432c-8e6a-c7498da69788 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "9E9BB4B3-BBB1-406D-96EE-69114B828CF0", versionEndExcluding: "0.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.", }, { lang: "es", value: "Uso incorrecto de API privilegiadas en el repositorio de GitHub usememos/memos anteriores a 0.9.0.", }, ], id: "CVE-2022-4687", lastModified: "2024-11-21T07:35:44.133", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-23T12:15:11.447", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { source: "security@huntr.dev", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/b908377f-a61b-432c-8e6a-c7498da69788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], 
url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/b908377f-a61b-432c-8e6a-c7498da69788", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-648", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
Severity ?
Summary
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/b0795261-0f97-4f0b-be44-9dc079e01593 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/b0795261-0f97-4f0b-be44-9dc079e01593 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Granularidad insuficiente del control de acceso en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4801", lastModified: "2024-11-21T07:35:58.100", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4.2, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:10.620", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/b0795261-0f97-4f0b-be44-9dc079e01593", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party 
Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/b0795261-0f97-4f0b-be44-9dc079e01593", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1220", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-29 17:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/fa46b3ef-c621-443a-be3a-0a83fb78ba62 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/fa46b3ef-c621-443a-be3a-0a83fb78ba62 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Cross-Site Scripting (XSS) Almacenado en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4841", lastModified: "2024-11-21T07:36:03.167", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-29T17:15:21.447", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/fa46b3ef-c621-443a-be3a-0a83fb78ba62", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/fa46b3ef-c621-443a-be3a-0a83fb78ba62", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-23 12:15
Modified
2024-11-21 07:35
Severity ?
Summary
Improper Authorization in GitHub repository usememos/memos prior to 0.9.0.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/23856e7e-94ff-4dee-97d0-0cd47e9b8ff6 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/23856e7e-94ff-4dee-97d0-0cd47e9b8ff6 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "9E9BB4B3-BBB1-406D-96EE-69114B828CF0", versionEndExcluding: "0.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Authorization in GitHub repository usememos/memos prior to 0.9.0.", }, { lang: "es", value: "Autorización incorrecta en el repositorio de GitHub usememos/memos anteriores a 0.9.0.", }, ], id: "CVE-2022-4688", lastModified: "2024-11-21T07:35:44.283", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-23T12:15:11.817", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { source: "security@huntr.dev", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/23856e7e-94ff-4dee-97d0-0cd47e9b8ff6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/23856e7e-94ff-4dee-97d0-0cd47e9b8ff6", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-27 15:15
Modified
2024-11-21 07:35
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/05b41804e33a34102f1f75bb2d69195dda6a1210 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/4b4421dc-73af-4dec-884c-836f9732cb5b | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/05b41804e33a34102f1f75bb2d69195dda6a1210 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/4b4421dc-73af-4dec-884c-836f9732cb5b | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.\n\n", }, { lang: "es", value: "Eliminación incorrecta de información confidencial antes del almacenamiento o transferencia en el repositorio de GitHub usememos/memos anteriores a 0.9.1.\n", }, ], id: "CVE-2022-4734", lastModified: "2024-11-21T07:35:50.207", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "security@huntr.dev", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-27T15:15:12.767", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/05b41804e33a34102f1f75bb2d69195dda6a1210", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/4b4421dc-73af-4dec-884c-836f9732cb5b", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/05b41804e33a34102f1f75bb2d69195dda6a1210", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/4b4421dc-73af-4dec-884c-836f9732cb5b", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-212", }, ], source: "security@huntr.dev", type: "Primary", }, { description: [ { lang: "en", value: "CWE-212", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
Severity ?
Summary
Improper Authorization in GitHub repository usememos/memos prior to 0.9.1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/4ee48a1e-6332-4d95-a360-9c392643c533 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/4ee48a1e-6332-4d95-a360-9c392643c533 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Authorization in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Autorización incorrecta en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4804", lastModified: "2024-11-21T07:35:58.470", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4.2, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:10.857", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/4ee48a1e-6332-4d95-a360-9c392643c533", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/4ee48a1e-6332-4d95-a360-9c392643c533", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
Severity ?
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/0fba72b9-db10-4d9f-a707-2acf2004a286 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/0fba72b9-db10-4d9f-a707-2acf2004a286 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Omisión de autorización a través de clave controlada por el usuario en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4803", lastModified: "2024-11-21T07:35:58.350", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:10.780", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/0fba72b9-db10-4d9f-a707-2acf2004a286", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/0fba72b9-db10-4d9f-a707-2acf2004a286", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-639", }, ], source: "security@huntr.dev", type: "Primary", }, { description: [ { lang: "en", value: "CWE-639", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-29 17:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/b42aa2e9-c783-464c-915c-a80cb464ee01 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/b42aa2e9-c783-464c-915c-a80cb464ee01 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Cross-Site Scripting (XSS) Almacenado en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4840", lastModified: "2024-11-21T07:36:03.047", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 4.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-29T17:15:21.363", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/b42aa2e9-c783-464c-915c-a80cb464ee01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/b42aa2e9-c783-464c-915c-a80cb464ee01", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-23 12:15
Modified
2024-11-21 07:35
Severity ?
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/caa0b22c-501f-44eb-af65-65c315cd1637 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/caa0b22c-501f-44eb-af65-65c315cd1637 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "9E9BB4B3-BBB1-406D-96EE-69114B828CF0", versionEndExcluding: "0.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0.", }, { lang: "es", value: "Omisión de autorización a través de clave controlada por el usuario en el repositorio de GitHub usememos/memos anteriores a 0.9.0.", }, ], id: "CVE-2022-4686", lastModified: "2024-11-21T07:35:43.947", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-23T12:15:11.110", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { source: "security@huntr.dev", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/caa0b22c-501f-44eb-af65-65c315cd1637", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/caa0b22c-501f-44eb-af65-65c315cd1637", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-639", }, ], source: "security@huntr.dev", type: "Primary", }, { description: [ { lang: "en", value: "CWE-639", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-15 05:15
Modified
2025-03-18 16:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
References
▼ | URL | Tags | |
---|---|---|---|
report@snyk.io | https://github.com/usememos/memos/commit/b11d2130a084385eb65c3761a3c841ebe9f81ae8 | Patch | |
report@snyk.io | https://github.com/usememos/memos/issues/1026 | Exploit | |
report@snyk.io | https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUSEMEMOSMEMOSSERVER-3319070 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/b11d2130a084385eb65c3761a3c841ebe9f81ae8 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/issues/1026 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUSEMEMOSMEMOSSERVER-3319070 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "22F12AF0-BE09-45E5-B310-D7D4DD5DD4DD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme. \r\r", }, { lang: "es", value: "Todas las versiones del paquete github.com/usememos/memos/server son vulnerables a Cross-site Scripting (XSS) debido a comprobaciones insuficientes de recursos externos, lo que permite a actores malintencionados introducir enlaces que comienzan con un javascript:scheme.", }, ], id: "CVE-2022-25978", lastModified: "2025-03-18T16:15:12.627", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "report@snyk.io", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-15T05:15:11.540", references: [ { source: "report@snyk.io", tags: [ "Patch", ], url: "https://github.com/usememos/memos/commit/b11d2130a084385eb65c3761a3c841ebe9f81ae8", }, { source: 
"report@snyk.io", tags: [ "Exploit", ], url: "https://github.com/usememos/memos/issues/1026", }, { source: "report@snyk.io", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUSEMEMOSMEMOSSERVER-3319070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/usememos/memos/commit/b11d2130a084385eb65c3761a3c841ebe9f81ae8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/usememos/memos/issues/1026", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUSEMEMOSMEMOSSERVER-3319070", }, ], sourceIdentifier: "report@snyk.io", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "report@snyk.io", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-01 01:15
Modified
2024-11-21 08:35
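Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (security@huntr.dev, Secondary)
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary)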
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "F64C568E-3AC2-440A-894D-5946C0AD9C3D", versionEndExcluding: "0.13.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.", }, ], id: "CVE-2023-4696", lastModified: "2024-11-21T08:35:42.580", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-01T01:15:08.400", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd", }, { source: "security@huntr.dev", tags: [ "Permissions Required", ], url: "https://huntr.dev/bounties/4747a485-77c3-4bb5-aab0-21253ef303ca", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: 
"https://huntr.dev/bounties/4747a485-77c3-4bb5-aab0-21253ef303ca", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
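Severity ?
8.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N (security@huntr.dev, Secondary)
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H (nvd@nist.gov, Primary)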
Summary
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/efe8001b-1d6a-41af-a64c-736705cc66a6 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/efe8001b-1d6a-41af-a64c-736705cc66a6 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Uso incorrecto de API privilegiadas en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4796", lastModified: "2024-11-21T07:35:57.490", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:09.747", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/efe8001b-1d6a-41af-a64c-736705cc66a6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/efe8001b-1d6a-41af-a64c-736705cc66a6", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-648", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-23 12:15
Modified
2024-11-21 07:35
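Severity ?
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N (security@huntr.dev, Secondary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary)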
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/7e1be91d-3b13-4300-8af2-9bd9665ec335 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/7e1be91d-3b13-4300-8af2-9bd9665ec335 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "9E9BB4B3-BBB1-406D-96EE-69114B828CF0", versionEndExcluding: "0.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.", }, { lang: "es", value: "Cross-Site Scripting (XSS): almacenado en el repositorio de GitHub usememos/memos anteriores a 0.9.0.", }, ], id: "CVE-2022-4690", lastModified: "2024-11-21T07:35:44.513", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-23T12:15:12.463", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/7e1be91d-3b13-4300-8af2-9bd9665ec335", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/7e1be91d-3b13-4300-8af2-9bd9665ec335", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
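Severity ?
7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (security@huntr.dev, Secondary)
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (nvd@nist.gov, Primary)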
Summary
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/b03f6a9b-e49b-42d6-a318-1d7afd985873 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/b03f6a9b-e49b-42d6-a318-1d7afd985873 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Uso incorrecto de API privilegiadas en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4805", lastModified: "2024-11-21T07:35:58.587", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:10.933", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/b03f6a9b-e49b-42d6-a318-1d7afd985873", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/b03f6a9b-e49b-42d6-a318-1d7afd985873", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-648", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
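Severity ?
8.6 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L (security@huntr.dev, Secondary)
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (nvd@nist.gov, Primary)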
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/e65b3458-c2e2-4c0b-9029-e3c9ee015ae4 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/e65b3458-c2e2-4c0b-9029-e3c9ee015ae4 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Control de acceso inadecuado en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4814", lastModified: "2024-11-21T07:35:59.803", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:11.577", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/e65b3458-c2e2-4c0b-9029-e3c9ee015ae4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/e65b3458-c2e2-4c0b-9029-e3c9ee015ae4", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
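Severity ?
8.6 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L (security@huntr.dev, Secondary)
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N (nvd@nist.gov, Primary)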
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/e12eed25-1a8e-4ee1-b846-2d4df1db2fae | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/e12eed25-1a8e-4ee1-b846-2d4df1db2fae | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Omisión de autorización a través de clave controlada por el usuario en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4798", lastModified: "2024-11-21T07:35:57.737", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:10.367", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/e12eed25-1a8e-4ee1-b846-2d4df1db2fae", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/e12eed25-1a8e-4ee1-b846-2d4df1db2fae", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-639", }, ], source: "security@huntr.dev", type: "Primary", }, { description: [ { lang: "en", value: "CWE-639", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-07 04:15
Modified
2024-11-21 07:36
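Severity ?
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L (security@huntr.dev, Secondary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary)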
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/6e4a1961-dbca-46f6-ae21-c25a621e54a7 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/6e4a1961-dbca-46f6-ae21-c25a621e54a7 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "460E8407-0D60-4523-BEED-804ACEED0C66", versionEndExcluding: "0.10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", }, { lang: "es", value: "Cross site scripting (XSS): almacenado en el repositorio de GitHub usememos/memos anteriores a 0.10.0.", }, ], id: "CVE-2023-0110", lastModified: "2024-11-21T07:36:34.353", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-07T04:15:08.317", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/6e4a1961-dbca-46f6-ae21-c25a621e54a7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/6e4a1961-dbca-46f6-ae21-c25a621e54a7", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-07 04:15
Modified
2024-11-21 07:36
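Severity ?
9.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H (security@huntr.dev, Secondary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary)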
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/5c0809cb-f4ff-4447-bed6-b5625fb374bb | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/5c0809cb-f4ff-4447-bed6-b5625fb374bb | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "460E8407-0D60-4523-BEED-804ACEED0C66", versionEndExcluding: "0.10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", }, { lang: "es", value: "cross site scripting (XSS): almacenado en el repositorio de GitHub usememos/memos anteriores a 0.10.0.", }, ], id: "CVE-2023-0106", lastModified: "2024-11-21T07:36:33.870", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-07T04:15:08.083", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/5c0809cb-f4ff-4447-bed6-b5625fb374bb", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/5c0809cb-f4ff-4447-bed6-b5625fb374bb", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-15 11:15
Modified
2024-11-19 14:44
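Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (security@huntr.dev, Secondary)
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary)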
Summary
A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. The issue has been fixed in version 0.10.0.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "02F8AADD-D194-452F-8BF1-75FE8F32A062", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. The issue has been fixed in version 0.10.0.", }, { lang: "es", value: "Se descubrió una vulnerabilidad de cross-site scripting (XSS) almacenado en la versión 0.9.1 de usememos/memos. Esta vulnerabilidad permite a un atacante cargar un archivo JavaScript que contiene una secuencia de comandos maliciosa y hacer referencia a ella en un archivo HTML. Cuando se accede al archivo HTML, se ejecuta la secuencia de comandos maliciosa. Esto puede provocar el robo de información confidencial, como las credenciales de inicio de sesión, de los usuarios que visitan el sitio web afectado. 
El problema se ha solucionado en la versión 0.10.0.", }, ], id: "CVE-2023-0109", lastModified: "2024-11-19T14:44:24.977", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-11-15T11:15:08.097", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/1899ffb2-ce1e-4dc0-af96-972612190f6e", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-31 09:15
Modified
2024-11-21 07:36
Severity: 9.0 CRITICAL (CVSS 3.1, nvd@nist.gov, Primary); 8.3 HIGH (CVSS 3.0, security@huntr.dev, Secondary)
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/cd8765a2-bf28-4019-8647-882ccf63b2be | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/cd8765a2-bf28-4019-8647-882ccf63b2be | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Cross-site Scripting (XSS) almacenado en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4865", lastModified: "2024-11-21T07:36:05.920", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.5, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-31T09:15:08.213", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/cd8765a2-bf28-4019-8647-882ccf63b2be", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/cd8765a2-bf28-4019-8647-882ccf63b2be", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-23 12:15
Modified
2024-11-21 07:35
Severity: 8.8 HIGH (CVSS 3.1, nvd@nist.gov, Primary); 8.3 HIGH (CVSS 3.0, security@huntr.dev, Secondary)
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/a78c4326-6e7b-47fe-aa82-461e5c12a4e3 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/a78c4326-6e7b-47fe-aa82-461e5c12a4e3 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "9E9BB4B3-BBB1-406D-96EE-69114B828CF0", versionEndExcluding: "0.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.", }, { lang: "es", value: "Control de acceso inadecuado en el repositorio de GitHub usememos/memos anteriores a 0.9.0.", }, ], id: "CVE-2022-4689", lastModified: "2024-11-21T07:35:44.400", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.5, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-23T12:15:12.160", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { source: "security@huntr.dev", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/a78c4326-6e7b-47fe-aa82-461e5c12a4e3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/a78c4326-6e7b-47fe-aa82-461e5c12a4e3", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-27 15:15
Modified
2024-11-21 07:35
Severity: 5.4 MEDIUM (CVSS 3.1, nvd@nist.gov, Primary); 7.6 HIGH (CVSS 3.0, security@huntr.dev, Secondary)
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/2559d548-b847-40fb-94d6-18c1ad58b789 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/2559d548-b847-40fb-94d6-18c1ad58b789 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "9E9BB4B3-BBB1-406D-96EE-69114B828CF0", versionEndExcluding: "0.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.", }, { lang: "es", value: "Cross-Site Scripting (XSS): almacenado en el repositorio de GitHub usememos/memos anteriores a 0.9.0.", }, ], id: "CVE-2022-4695", lastModified: "2024-11-21T07:35:45.080", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 4.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-27T15:15:11.603", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/2559d548-b847-40fb-94d6-18c1ad58b789", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/2559d548-b847-40fb-94d6-18c1ad58b789", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
Severity: 4.3 MEDIUM (CVSS 3.1, nvd@nist.gov, Primary); 8.6 HIGH (CVSS 3.0, security@huntr.dev, Secondary)
Summary
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/a24b45d8-554b-4131-8ce1-f33bf8cdbacc | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/a24b45d8-554b-4131-8ce1-f33bf8cdbacc | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Granularidad insuficiente del control de acceso en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4813", lastModified: "2024-11-21T07:35:59.603", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:11.503", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/a24b45d8-554b-4131-8ce1-f33bf8cdbacc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", 
], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/a24b45d8-554b-4131-8ce1-f33bf8cdbacc", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1220", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-23 20:15
Modified
2024-11-21 07:35
Severity: 5.4 MEDIUM (CVSS 3.1, nvd@nist.gov, Primary); 7.1 HIGH (CVSS 3.0, security@huntr.dev, Secondary)
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/9d1ed6ea-f7a0-4561-9325-a2babef99c74 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/9d1ed6ea-f7a0-4561-9325-a2babef99c74 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "9E9BB4B3-BBB1-406D-96EE-69114B828CF0", versionEndExcluding: "0.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.", }, { lang: "es", value: "Cross site scripting (XSS) - almacenado en el repositorio de GitHub usememos/memos anteriores a 0.9.0.", }, ], id: "CVE-2022-4692", lastModified: "2024-11-21T07:35:44.737", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-23T20:15:20.967", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/9d1ed6ea-f7a0-4561-9325-a2babef99c74", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/9d1ed6ea-f7a0-4561-9325-a2babef99c74", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
Severity: 4.3 MEDIUM (CVSS 3.1, nvd@nist.gov, Primary); 8.2 HIGH (CVSS 3.0, security@huntr.dev, Secondary)
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/704c9ed7-2120-47ea-aaf0-5fdcbd492954 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/704c9ed7-2120-47ea-aaf0-5fdcbd492954 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Control de acceso inadecuado en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4807", lastModified: "2024-11-21T07:35:58.830", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4.2, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:11.073", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/704c9ed7-2120-47ea-aaf0-5fdcbd492954", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/704c9ed7-2120-47ea-aaf0-5fdcbd492954", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-27 15:15
Modified
2024-11-21 07:35
Severity: 5.4 MEDIUM (CVSS 3.1, nvd@nist.gov, Primary); 8.3 HIGH (CVSS 3.0, security@huntr.dev, Secondary)
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/459b55c1-22f5-4556-9cda-9b86aa91582f | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/459b55c1-22f5-4556-9cda-9b86aa91582f | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "9E9BB4B3-BBB1-406D-96EE-69114B828CF0", versionEndExcluding: "0.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.", }, { lang: "es", value: "Cross-Site Scripting (XSS): almacenado en el repositorio de GitHub usememos/memos anteriores a 0.9.0.", }, ], id: "CVE-2022-4691", lastModified: "2024-11-21T07:35:44.620", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.5, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-27T15:15:11.453", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/459b55c1-22f5-4556-9cda-9b86aa91582f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/459b55c1-22f5-4556-9cda-9b86aa91582f", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
Severity: 8.8 HIGH (CVSS 3.1, nvd@nist.gov, Primary); 8.3 HIGH (CVSS 3.0, security@huntr.dev, Secondary)
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/e46c5380-a590-40de-a8e5-79872ee0bb29 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/e46c5380-a590-40de-a8e5-79872ee0bb29 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Control de acceso inadecuado en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4809", lastModified: "2024-11-21T07:35:59.067", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.5, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:11.220", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/e46c5380-a590-40de-a8e5-79872ee0bb29", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/e46c5380-a590-40de-a8e5-79872ee0bb29", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
Severity: 8.8 HIGH (CVSS 3.1, nvd@nist.gov, Primary); 4.2 MEDIUM (CVSS 3.0, security@huntr.dev, Secondary)
Summary
Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/11877cbf-fcaf-42ef-813e-502c7293f2b5 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/11877cbf-fcaf-42ef-813e-502c7293f2b5 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Gestión de privilegios inadecuada en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4808", lastModified: "2024-11-21T07:35:58.947", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 3.4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:11.147", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/11877cbf-fcaf-42ef-813e-502c7293f2b5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/11877cbf-fcaf-42ef-813e-502c7293f2b5", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-01 01:15
Modified
2024-11-21 08:35
Severity: 7.5 HIGH (CVSS 3.1, nvd@nist.gov, Primary); 7.5 HIGH (CVSS 3.0, security@huntr.dev, Secondary)
Summary
Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "F64C568E-3AC2-440A-894D-5946C0AD9C3D", versionEndExcluding: "0.13.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.", }, ], id: "CVE-2023-4698", lastModified: "2024-11-21T08:35:42.837", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-01T01:15:09.437", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/e1107d79-1d63-4238-90b7-5cc150512654", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", 
], url: "https://huntr.dev/bounties/e1107d79-1d63-4238-90b7-5cc150512654", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-29 18:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/8e8df1f4-07ab-4b75-aec8-75b1229e93a3 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/8e8df1f4-07ab-4b75-aec8-75b1229e93a3 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Cross-Site Request Forgery (CSRF) en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4844", lastModified: "2024-11-21T07:36:03.533", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-29T18:15:10.173", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/8e8df1f4-07ab-4b75-aec8-75b1229e93a3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/8e8df1f4-07ab-4b75-aec8-75b1229e93a3", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-07 04:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/70da256c-977a-487e-8a6a-9ae22caedbe3 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/70da256c-977a-487e-8a6a-9ae22caedbe3 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "460E8407-0D60-4523-BEED-804ACEED0C66", versionEndExcluding: "0.10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", }, { lang: "es", value: "Cross site scripting (XSS): almacenado en el repositorio de GitHub usememos/memos anteriores a 0.10.0.", }, ], id: "CVE-2023-0111", lastModified: "2024-11-21T07:36:34.467", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-07T04:15:08.393", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/70da256c-977a-487e-8a6a-9ae22caedbe3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], 
url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/70da256c-977a-487e-8a6a-9ae22caedbe3", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-29 18:15
Modified
2024-11-21 07:36
Severity ?
Summary
Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/e3cebc1a-1326-4a08-abad-0414a717fa0f | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/e3cebc1a-1326-4a08-abad-0414a717fa0f | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Manejo inadecuado de valores en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4851", lastModified: "2024-11-21T07:36:04.380", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-29T18:15:10.827", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/e3cebc1a-1326-4a08-abad-0414a717fa0f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/e3cebc1a-1326-4a08-abad-0414a717fa0f", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-229", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos. This issue affects usememos/memos before 0.9.1.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/e907b754-4f33-46b6-9dd2-0d2223cb060c | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/e907b754-4f33-46b6-9dd2-0d2223cb060c | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1.\n\n", }, { lang: "es", value: "Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en usememos usememos/memos. Este problema afecta a usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4811", lastModified: "2024-11-21T07:35:59.310", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.5, source: "security@huntr.dev", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:11.363", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/e907b754-4f33-46b6-9dd2-0d2223cb060c", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/e907b754-4f33-46b6-9dd2-0d2223cb060c", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-639", }, ], source: "security@huntr.dev", type: "Primary", }, { description: [ { lang: "en", value: "CWE-639", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
Severity ?
Summary
Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/5233f76f-016b-4c65-b019-2c5d27802a1b | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/5233f76f-016b-4c65-b019-2c5d27802a1b | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Restricción inadecuada de intentos de autenticación excesivos en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4797", lastModified: "2024-11-21T07:35:57.617", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:10.243", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/5233f76f-016b-4c65-b019-2c5d27802a1b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: 
[ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/5233f76f-016b-4c65-b019-2c5d27802a1b", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-307", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
Severity ?
Summary
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/aa45a6eb-cc38-45e5-a301-221ef43c0ef8 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/aa45a6eb-cc38-45e5-a301-221ef43c0ef8 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Verificación inadecuada del origen de un canal de comunicación en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4800", lastModified: "2024-11-21T07:35:57.980", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:10.540", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/aa45a6eb-cc38-45e5-a301-221ef43c0ef8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/aa45a6eb-cc38-45e5-a301-221ef43c0ef8", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-940", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-07 04:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/0b28fa57-acb0-47c8-ac48-962ff3898156 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/0b28fa57-acb0-47c8-ac48-962ff3898156 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "460E8407-0D60-4523-BEED-804ACEED0C66", versionEndExcluding: "0.10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", }, { lang: "es", value: "Cross site scripting (XSS): almacenado en el repositorio de GitHub usememos/memos anteriores a 0.10.0.", }, ], id: "CVE-2023-0107", lastModified: "2024-11-21T07:36:33.983", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 3.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-07T04:15:08.167", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/0b28fa57-acb0-47c8-ac48-962ff3898156", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/0b28fa57-acb0-47c8-ac48-962ff3898156", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
Severity ?
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/f0c8d778-db86-4ed3-85bb-5315ab56915e | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/f0c8d778-db86-4ed3-85bb-5315ab56915e | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Control de acceso inadecuado en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4810", lastModified: "2024-11-21T07:35:59.190", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:11.293", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/f0c8d778-db86-4ed3-85bb-5315ab56915e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/f0c8d778-db86-4ed3-85bb-5315ab56915e", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-19 12:15
Modified
2024-11-21 07:35
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/726285e63467820f94cbf872abe71025a161c212 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/5b3115c5-776c-43d3-a7be-c8dc13ab81ce | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/726285e63467820f94cbf872abe71025a161c212 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/5b3115c5-776c-43d3-a7be-c8dc13ab81ce | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "9E9BB4B3-BBB1-406D-96EE-69114B828CF0", versionEndExcluding: "0.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.", }, { lang: "es", value: "Cross-Site Scripting (XSS): almacenado en el repositorio de GitHub usememos/memos anteriores a 0.9.0.", }, ], id: "CVE-2022-4609", lastModified: "2024-11-21T07:35:35.517", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 5.5, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-19T12:15:11.123", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/726285e63467820f94cbf872abe71025a161c212", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/5b3115c5-776c-43d3-a7be-c8dc13ab81ce", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/726285e63467820f94cbf872abe71025a161c212", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/5b3115c5-776c-43d3-a7be-c8dc13ab81ce", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-29 18:15
Modified
2024-11-21 07:36
Severity ?
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/38c685fc-7065-472d-a46e-e26bf0b556d3 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/38c685fc-7065-472d-a46e-e26bf0b556d3 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Cross-Site Request Forgery (CSRF) en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4846", lastModified: "2024-11-21T07:36:03.780", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-29T18:15:10.357", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/38c685fc-7065-472d-a46e-e26bf0b556d3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/38c685fc-7065-472d-a46e-e26bf0b556d3", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-29 18:15
Modified
2024-11-21 07:36
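Severity
CVE-2022-4849: 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N (nvd@nist.gov, Primary); 8.3 HIGH, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L (security@huntr.dev, Secondary)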
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/404ce7dd-f345-4d98-ad80-c53ac74f4e5c | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/404ce7dd-f345-4d98-ad80-c53ac74f4e5c | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Cross-Site Request Forgery (CSRF) en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4849", lastModified: "2024-11-21T07:36:04.140", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.5, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-29T18:15:10.627", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/404ce7dd-f345-4d98-ad80-c53ac74f4e5c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/404ce7dd-f345-4d98-ad80-c53ac74f4e5c", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
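Severity
CVE-2022-4806: 5.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N (nvd@nist.gov, Primary); 8.2 HIGH, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H (security@huntr.dev, Secondary)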
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/2c7101bc-e6d8-4cd0-9003-bc8d86f4e4be | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/2c7101bc-e6d8-4cd0-9003-bc8d86f4e4be | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Omisión de autorización a través de clave controlada por el usuario en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4806", lastModified: "2024-11-21T07:35:58.713", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4.2, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:11.003", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/2c7101bc-e6d8-4cd0-9003-bc8d86f4e4be", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/2c7101bc-e6d8-4cd0-9003-bc8d86f4e4be", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-639", }, ], source: "security@huntr.dev", type: "Primary", }, { description: [ { lang: "en", value: "CWE-639", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-29 18:15
Modified
2024-11-21 07:36
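Severity
CVE-2022-4850: 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N (nvd@nist.gov, Primary); 6.5 MEDIUM, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N (security@huntr.dev, Secondary)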
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/46dc4728-eacc-43f5-9831-c203fdbcc346 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/46dc4728-eacc-43f5-9831-c203fdbcc346 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Cross-Site Request Forgery (CSRF) en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4850", lastModified: "2024-11-21T07:36:04.260", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-29T18:15:10.713", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/46dc4728-eacc-43f5-9831-c203fdbcc346", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/46dc4728-eacc-43f5-9831-c203fdbcc346", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-07 04:15
Modified
2024-11-21 07:36
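Severity
CVE-2023-0112: 5.4 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary); 7.6 HIGH, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H (security@huntr.dev, Secondary)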
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/ec2a29dc-79a3-44bd-a58b-15f676934af6 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/ec2a29dc-79a3-44bd-a58b-15f676934af6 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "460E8407-0D60-4523-BEED-804ACEED0C66", versionEndExcluding: "0.10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", }, { lang: "es", value: "cross site scripting (XSS): almacenado en el repositorio de GitHub usememos/memos anteriores a 0.10.0.", }, ], id: "CVE-2023-0112", lastModified: "2024-11-21T07:36:34.590", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 4.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-07T04:15:08.467", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/ec2a29dc-79a3-44bd-a58b-15f676934af6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/ec2a29dc-79a3-44bd-a58b-15f676934af6", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-01 01:15
Modified
2024-11-21 08:35
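Severity
CVE-2023-4697: 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary); 8.8 HIGH, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (security@huntr.dev, Secondary)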
Summary
Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "F64C568E-3AC2-440A-894D-5946C0AD9C3D", versionEndExcluding: "0.13.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.", }, ], id: "CVE-2023-4697", lastModified: "2024-11-21T08:35:42.710", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-01T01:15:09.320", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/3ff3325a-1dcb-4da7-894d-81a9cf726d81", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", 
], url: "https://huntr.dev/bounties/3ff3325a-1dcb-4da7-894d-81a9cf726d81", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
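Severity
CVE-2022-4812: 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N (nvd@nist.gov, Primary); 8.6 HIGH, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L (security@huntr.dev, Secondary)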
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/33924891-5c36-4b46-b417-98eaab688c4c | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/33924891-5c36-4b46-b417-98eaab688c4c | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Omisión de autorización a través de clave controlada por el usuario en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4812", lastModified: "2024-11-21T07:35:59.437", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:11.433", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/33924891-5c36-4b46-b417-98eaab688c4c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/33924891-5c36-4b46-b417-98eaab688c4c", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-639", }, ], source: "security@huntr.dev", type: "Primary", }, { description: [ { lang: "en", value: "CWE-639", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-28 14:15
Modified
2024-11-21 07:35
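Severity
CVE-2022-4799: 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L (nvd@nist.gov, Primary); 8.6 HIGH, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L (security@huntr.dev, Secondary)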
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/c5d70f9d-b7a7-4418-9368-4566a8143e79 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/c5d70f9d-b7a7-4418-9368-4566a8143e79 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Omisión de autorización a través de clave controlada por el usuario en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4799", lastModified: "2024-11-21T07:35:57.860", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-28T14:15:10.450", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/c5d70f9d-b7a7-4418-9368-4566a8143e79", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third 
Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.dev/bounties/c5d70f9d-b7a7-4418-9368-4566a8143e79", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-639", }, ], source: "security@huntr.dev", type: "Primary", }, { description: [ { lang: "en", value: "CWE-639", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-27 15:15
Modified
2024-11-21 07:35
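Severity
CVE-2022-4694: 5.4 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (nvd@nist.gov, Primary); 5.7 MEDIUM, CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N (security@huntr.dev, Secondary)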
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/a4d865c2-1a2b-4e3a-aaae-915b0dfc3f22 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/a4d865c2-1a2b-4e3a-aaae-915b0dfc3f22 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "9E9BB4B3-BBB1-406D-96EE-69114B828CF0", versionEndExcluding: "0.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.", }, { lang: "es", value: "Cross-Site Scripting (XSS): almacenado en el repositorio de GitHub usememos/memos anteriores a 0.9.0.", }, ], id: "CVE-2022-4694", lastModified: "2024-11-21T07:35:44.960", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-27T15:15:11.530", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/a4d865c2-1a2b-4e3a-aaae-915b0dfc3f22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/a4d865c2-1a2b-4e3a-aaae-915b0dfc3f22", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-23 12:15
Modified
2024-11-21 07:35
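Severity
CVE-2022-4684: 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary); 7.6 HIGH, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L (security@huntr.dev, Secondary). The Primary (NVD) assessment is the higher of the two.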
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/b66f2bdd-8b41-456c-bf65-92302c2e03b5 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/b66f2bdd-8b41-456c-bf65-92302c2e03b5 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "9E9BB4B3-BBB1-406D-96EE-69114B828CF0", versionEndExcluding: "0.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.", }, { lang: "es", value: "Control de acceso inadecuado en el repositorio de GitHub usememos/memos anteriores a 0.9.0.", }, ], id: "CVE-2022-4684", lastModified: "2024-11-21T07:35:43.807", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 4.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-23T12:15:10.407", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { source: "security@huntr.dev", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/b66f2bdd-8b41-456c-bf65-92302c2e03b5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/b66f2bdd-8b41-456c-bf65-92302c2e03b5", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-30 16:15
Modified
2024-11-21 07:36
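Severity
CVE-2022-4863: 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H (nvd@nist.gov, Primary); 8.4 HIGH, CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (security@huntr.dev, Secondary). The two assessments disagree on attack vector (NETWORK vs. LOCAL) and on privileges required (HIGH vs. NONE).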
Summary
Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.
References
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/42751929-e511-49a9-888d-d5b610da2a45 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/42751929-e511-49a9-888d-d5b610da2a45 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", matchCriteriaId: "7E75ADB4-9898-49F3-BF80-3C54F4CE0FB4", versionEndExcluding: "0.9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.", }, { lang: "es", value: "Manejo inadecuado de permisos o privilegios insuficientes en el repositorio de GitHub usememos/memos anteriores a 0.9.1.", }, ], id: "CVE-2022-4863", lastModified: "2024-11-21T07:36:05.650", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 5.9, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-30T16:15:09.347", references: [ { source: "security@huntr.dev", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "security@huntr.dev", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/42751929-e511-49a9-888d-d5b610da2a45", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Patch", "Third Party Advisory", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://huntr.dev/bounties/42751929-e511-49a9-888d-d5b610da2a45", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-280", }, ], source: "security@huntr.dev", type: "Primary", }, ], }