Vulnerabilities related to usememos - usememos/memos
cve-2022-4609
Vulnerability from cvelistv5
Published
2022-12-19 00:00
Modified
2024-08-03 01:41
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:41:45.634Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/5b3115c5-776c-43d3-a7be-c8dc13ab81ce", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/726285e63467820f94cbf872abe71025a161c212", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-19T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/5b3115c5-776c-43d3-a7be-c8dc13ab81ce", }, { url: "https://github.com/usememos/memos/commit/726285e63467820f94cbf872abe71025a161c212", }, ], source: { advisory: "5b3115c5-776c-43d3-a7be-c8dc13ab81ce", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4609", datePublished: "2022-12-19T00:00:00", dateReserved: "2022-12-19T00:00:00", dateUpdated: 
"2024-08-03T01:41:45.634Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4839
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.256Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/ad954cab-f026-4895-8003-99f5e3b507ed", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8", }, { url: "https://huntr.dev/bounties/ad954cab-f026-4895-8003-99f5e3b507ed", }, ], source: { advisory: "ad954cab-f026-4895-8003-99f5e3b507ed", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4839", datePublished: "2022-12-29T00:00:00", dateReserved: "2022-12-29T00:00:00", 
dateUpdated: "2024-08-03T01:55:45.256Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4800
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.439Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/aa45a6eb-cc38-45e5-a301-221ef43c0ef8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-940", description: "CWE-940 Improper Verification of Source of a Communication Channel", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/aa45a6eb-cc38-45e5-a301-221ef43c0ef8", }, ], source: { advisory: "aa45a6eb-cc38-45e5-a301-221ef43c0ef8", discovery: "EXTERNAL", }, title: "Improper Verification of Source of a Communication Channel in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4800", datePublished: "2022-12-28T00:00:00", dateReserved: 
"2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.439Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4841
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.992Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/fa46b3ef-c621-443a-be3a-0a83fb78ba62", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/fa46b3ef-c621-443a-be3a-0a83fb78ba62", }, { url: "https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8", }, ], source: { advisory: "fa46b3ef-c621-443a-be3a-0a83fb78ba62", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4841", datePublished: "2022-12-29T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: 
"2024-08-03T01:55:45.992Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4849
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.948Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/404ce7dd-f345-4d98-ad80-c53ac74f4e5c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { url: "https://huntr.dev/bounties/404ce7dd-f345-4d98-ad80-c53ac74f4e5c", }, ], source: { advisory: "404ce7dd-f345-4d98-ad80-c53ac74f4e5c", discovery: "EXTERNAL", }, title: "Cross-Site Request Forgery (CSRF) in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4849", datePublished: "2022-12-29T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: "2024-08-03T01:55:45.948Z", state: "PUBLISHED", }, 
dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4848
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
Summary
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.290Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-940", description: "CWE-940 Improper Verification of Source of a Communication Channel", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { url: "https://huntr.dev/bounties/25de88cc-8d0d-41a1-b069-9ef1327770bc", }, ], source: { advisory: "25de88cc-8d0d-41a1-b069-9ef1327770bc", discovery: "EXTERNAL", }, title: "Improper Verification of Source of a Communication Channel in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4848", datePublished: "2022-12-29T00:00:00", dateReserved: 
"2022-12-29T00:00:00", dateUpdated: "2024-08-03T01:55:45.290Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0108
Vulnerability from cvelistv5
Published
2023-01-07 00:00
Modified
2024-08-02 05:02
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.10.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:02:43.573Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/f66d33df-6588-4ab4-80a0-847451517944", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.10.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-07T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { url: "https://huntr.dev/bounties/f66d33df-6588-4ab4-80a0-847451517944", }, ], source: { advisory: "f66d33df-6588-4ab4-80a0-847451517944", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0108", datePublished: "2023-01-07T00:00:00", dateReserved: "2023-01-07T00:00:00", dateUpdated: 
"2024-08-02T05:02:43.573Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4850
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.883Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/46dc4728-eacc-43f5-9831-c203fdbcc346", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { url: "https://huntr.dev/bounties/46dc4728-eacc-43f5-9831-c203fdbcc346", }, ], source: { advisory: "46dc4728-eacc-43f5-9831-c203fdbcc346", discovery: "EXTERNAL", }, title: "Cross-Site Request Forgery (CSRF) in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4850", datePublished: "2022-12-29T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: "2024-08-03T01:55:45.883Z", state: "PUBLISHED", }, 
dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4734
Vulnerability from cvelistv5
Published
2022-12-25 00:00
Modified
2024-08-03 01:48
Summary
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.430Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/4b4421dc-73af-4dec-884c-836f9732cb5b", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/05b41804e33a34102f1f75bb2d69195dda6a1210", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.</p>", }, ], value: "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-212", description: "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-18T15:25:34.082Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/4b4421dc-73af-4dec-884c-836f9732cb5b", }, { url: "https://github.com/usememos/memos/commit/05b41804e33a34102f1f75bb2d69195dda6a1210", }, ], source: { advisory: 
"4b4421dc-73af-4dec-884c-836f9732cb5b", discovery: "EXTERNAL", }, title: "Improper Removal of Sensitive Information Before Storage or Transfer in usememos/memos", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4734", datePublished: "2022-12-25T00:00:00", dateReserved: "2022-12-25T00:00:00", dateUpdated: "2024-08-03T01:48:40.430Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4851
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
Summary
Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.888Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/e3cebc1a-1326-4a08-abad-0414a717fa0f", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-229", description: "CWE-229 Improper Handling of Values", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/e3cebc1a-1326-4a08-abad-0414a717fa0f", }, ], source: { advisory: "e3cebc1a-1326-4a08-abad-0414a717fa0f", discovery: "EXTERNAL", }, title: "Improper Handling of Values in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4851", datePublished: "2022-12-29T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: "2024-08-03T01:55:45.888Z", state: "PUBLISHED", }, dataType: 
"CVE_RECORD", dataVersion: "5.1", }
cve-2023-0112
Vulnerability from cvelistv5
Published
2023-01-07 00:00
Modified
2024-08-02 05:02
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.10.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:02:43.221Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/ec2a29dc-79a3-44bd-a58b-15f676934af6", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.10.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-07T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/ec2a29dc-79a3-44bd-a58b-15f676934af6", }, { url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, ], source: { advisory: "ec2a29dc-79a3-44bd-a58b-15f676934af6", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0112", datePublished: "2023-01-07T00:00:00", dateReserved: "2023-01-07T00:00:00", dateUpdated: 
"2024-08-02T05:02:43.221Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4802
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.475Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/d47d4a94-92e3-4400-b012-a8577cbd7956", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-02T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/d47d4a94-92e3-4400-b012-a8577cbd7956", }, ], source: { advisory: "d47d4a94-92e3-4400-b012-a8577cbd7956", discovery: "EXTERNAL", }, title: "Authorization Bypass Through User-Controlled Key in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4802", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: 
"2024-08-03T01:48:40.475Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4812
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.498Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/33924891-5c36-4b46-b417-98eaab688c4c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-02T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/33924891-5c36-4b46-b417-98eaab688c4c", }, ], source: { advisory: "33924891-5c36-4b46-b417-98eaab688c4c", discovery: "EXTERNAL", }, title: "Authorization Bypass Through User-Controlled Key in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4812", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: 
"2024-08-03T01:48:40.498Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0106
Vulnerability from cvelistv5
Published
2023-01-07 00:00
Modified
2024-08-02 05:02
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.10.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:02:43.439Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/5c0809cb-f4ff-4447-bed6-b5625fb374bb", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.10.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-07T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/5c0809cb-f4ff-4447-bed6-b5625fb374bb", }, { url: "https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7", }, ], source: { advisory: "5c0809cb-f4ff-4447-bed6-b5625fb374bb", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0106", datePublished: "2023-01-07T00:00:00", dateReserved: "2023-01-07T00:00:00", dateUpdated: 
"2024-08-02T05:02:43.439Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4798
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.378Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/e12eed25-1a8e-4ee1-b846-2d4df1db2fae", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-02T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/e12eed25-1a8e-4ee1-b846-2d4df1db2fae", }, ], source: { advisory: "e12eed25-1a8e-4ee1-b846-2d4df1db2fae", discovery: "EXTERNAL", }, title: "Authorization Bypass Through User-Controlled Key in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4798", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: 
"2024-08-03T01:48:40.378Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4696
Vulnerability from cvelistv5
Published
2023-09-01 00:00
Modified
2024-09-30 20:23
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.13.2
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:37:59.326Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/4747a485-77c3-4bb5-aab0-21253ef303ca", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-4696", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T20:22:53.572721Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T20:23:07.442Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.13.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-01T00:00:19.758Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/4747a485-77c3-4bb5-aab0-21253ef303ca", }, { url: "https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd", }, 
], source: { advisory: "4747a485-77c3-4bb5-aab0-21253ef303ca", discovery: "EXTERNAL", }, title: "Improper Access Control in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-4696", datePublished: "2023-09-01T00:00:19.758Z", dateReserved: "2023-09-01T00:00:07.332Z", dateUpdated: "2024-09-30T20:23:07.442Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4845
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:46.139Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/075dbd51-b078-436c-9e3d-7f25cd2e7e1b", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { url: "https://huntr.dev/bounties/075dbd51-b078-436c-9e3d-7f25cd2e7e1b", }, ], source: { advisory: "075dbd51-b078-436c-9e3d-7f25cd2e7e1b", discovery: "EXTERNAL", }, title: "Cross-Site Request Forgery (CSRF) in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4845", datePublished: "2022-12-29T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: "2024-08-03T01:55:46.139Z", state: "PUBLISHED", }, 
dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4686
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.364Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/caa0b22c-501f-44eb-af65-65c315cd1637", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-27T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { url: "https://huntr.dev/bounties/caa0b22c-501f-44eb-af65-65c315cd1637", }, ], source: { advisory: "caa0b22c-501f-44eb-af65-65c315cd1637", discovery: "EXTERNAL", }, title: "Authorization Bypass Through User-Controlled Key in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4686", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: 
"2024-08-03T01:48:40.364Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0107
Vulnerability from cvelistv5
Published
2023-01-07 00:00
Modified
2024-08-02 05:02
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.10.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:02:43.474Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/0b28fa57-acb0-47c8-ac48-962ff3898156", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.10.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-07T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/0f8ce3dd1696722f951d7195ad1f88b39a5d15d7", }, { url: "https://huntr.dev/bounties/0b28fa57-acb0-47c8-ac48-962ff3898156", }, ], source: { advisory: "0b28fa57-acb0-47c8-ac48-962ff3898156", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0107", datePublished: "2023-01-07T00:00:00", dateReserved: "2023-01-07T00:00:00", dateUpdated: 
"2024-08-02T05:02:43.474Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4688
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Summary
Improper Authorization in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.415Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/23856e7e-94ff-4dee-97d0-0cd47e9b8ff6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Authorization in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285 Improper Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { url: "https://huntr.dev/bounties/23856e7e-94ff-4dee-97d0-0cd47e9b8ff6", }, ], source: { advisory: "23856e7e-94ff-4dee-97d0-0cd47e9b8ff6", discovery: "EXTERNAL", }, title: "Improper Authorization in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4688", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: "2024-08-03T01:48:40.415Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2022-4689
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:39.847Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/a78c4326-6e7b-47fe-aa82-461e5c12a4e3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { url: "https://huntr.dev/bounties/a78c4326-6e7b-47fe-aa82-461e5c12a4e3", }, ], source: { advisory: "a78c4326-6e7b-47fe-aa82-461e5c12a4e3", discovery: "EXTERNAL", }, title: "Improper Access Control in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4689", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: "2024-08-03T01:48:39.847Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2022-4811
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos. This issue affects usememos/memos before 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.670Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/e907b754-4f33-46b6-9dd2-0d2223cb060c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.<p>This issue affects usememos/memos before 0.9.1.</p>", }, ], value: "Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-18T15:24:51.892Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/e907b754-4f33-46b6-9dd2-0d2223cb060c", }, ], source: { advisory: 
"e907b754-4f33-46b6-9dd2-0d2223cb060c", discovery: "EXTERNAL", }, title: "Authorization Bypass Through User-Controlled Key in usememos/memos", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4811", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.670Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4809
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.493Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/e46c5380-a590-40de-a8e5-79872ee0bb29", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/e46c5380-a590-40de-a8e5-79872ee0bb29", }, ], source: { advisory: "e46c5380-a590-40de-a8e5-79872ee0bb29", discovery: "EXTERNAL", }, title: "Improper Access Control in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4809", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.493Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2022-4796
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.492Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/efe8001b-1d6a-41af-a64c-736705cc66a6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-648", description: "CWE-648 Incorrect Use of Privileged APIs", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/efe8001b-1d6a-41af-a64c-736705cc66a6", }, ], source: { advisory: "efe8001b-1d6a-41af-a64c-736705cc66a6", discovery: "EXTERNAL", }, title: "Incorrect Use of Privileged APIs in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4796", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.492Z", state: "PUBLISHED", }, dataType: 
"CVE_RECORD", dataVersion: "5.1", }
cve-2022-4808
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.438Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/11877cbf-fcaf-42ef-813e-502c7293f2b5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/11877cbf-fcaf-42ef-813e-502c7293f2b5", }, ], source: { advisory: "11877cbf-fcaf-42ef-813e-502c7293f2b5", discovery: "EXTERNAL", }, title: "Improper Privilege Management in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4808", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.438Z", state: "PUBLISHED", }, dataType: 
"CVE_RECORD", dataVersion: "5.1", }
cve-2023-4697
Vulnerability from cvelistv5
Published
2023-09-01 00:00
Modified
2024-10-01 13:13
Summary
Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.13.2
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:37:59.470Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/3ff3325a-1dcb-4da7-894d-81a9cf726d81", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-4697", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T13:12:56.315418Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-01T13:13:06.214Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.13.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-01T00:00:20.740Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/3ff3325a-1dcb-4da7-894d-81a9cf726d81", }, { url: 
"https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd", }, ], source: { advisory: "3ff3325a-1dcb-4da7-894d-81a9cf726d81", discovery: "EXTERNAL", }, title: "Improper Privilege Management in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-4697", datePublished: "2023-09-01T00:00:20.740Z", dateReserved: "2023-09-01T00:00:08.046Z", dateUpdated: "2024-10-01T13:13:06.214Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0111
Vulnerability from cvelistv5
Published
2023-01-07 00:00
Modified
2024-08-02 05:02
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.10.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:02:43.629Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/70da256c-977a-487e-8a6a-9ae22caedbe3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.10.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-07T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { url: "https://huntr.dev/bounties/70da256c-977a-487e-8a6a-9ae22caedbe3", }, ], source: { advisory: "70da256c-977a-487e-8a6a-9ae22caedbe3", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0111", datePublished: "2023-01-07T00:00:00", dateReserved: "2023-01-07T00:00:00", 
dateUpdated: "2024-08-02T05:02:43.629Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4803
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.614Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/0fba72b9-db10-4d9f-a707-2acf2004a286", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-02T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/0fba72b9-db10-4d9f-a707-2acf2004a286", }, ], source: { advisory: "0fba72b9-db10-4d9f-a707-2acf2004a286", discovery: "EXTERNAL", }, title: "Authorization Bypass Through User-Controlled Key in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4803", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: 
"2024-08-03T01:48:40.614Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4684
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:39.536Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/b66f2bdd-8b41-456c-bf65-92302c2e03b5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { url: "https://huntr.dev/bounties/b66f2bdd-8b41-456c-bf65-92302c2e03b5", }, ], source: { advisory: "b66f2bdd-8b41-456c-bf65-92302c2e03b5", discovery: "EXTERNAL", }, title: "Improper Access Control in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4684", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: "2024-08-03T01:48:39.536Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2022-4767
Vulnerability from cvelistv5
Published
2022-12-27 00:00
Modified
2024-08-03 01:48
Summary
Denial of Service in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.396Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/75b4a085-923c-4ecc-bbf6-e049290db502", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/f888c628408501daf639de07b90a72ab443b0f4c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Denial of Service in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-27T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/75b4a085-923c-4ecc-bbf6-e049290db502", }, { url: "https://github.com/usememos/memos/commit/f888c628408501daf639de07b90a72ab443b0f4c", }, ], source: { advisory: "75b4a085-923c-4ecc-bbf6-e049290db502", discovery: "EXTERNAL", }, title: "Denial of Service in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4767", datePublished: "2022-12-27T00:00:00", dateReserved: "2022-12-27T00:00:00", dateUpdated: "2024-08-03T01:48:40.396Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2022-4694
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:39.517Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/a4d865c2-1a2b-4e3a-aaae-915b0dfc3f22", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/a4d865c2-1a2b-4e3a-aaae-915b0dfc3f22", }, { url: "https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e", }, ], source: { advisory: "a4d865c2-1a2b-4e3a-aaae-915b0dfc3f22", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4694", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: 
"2024-08-03T01:48:39.517Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4687
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Summary
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.025Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/b908377f-a61b-432c-8e6a-c7498da69788", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-648", description: "CWE-648 Incorrect Use of Privileged APIs", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9", }, { url: "https://huntr.dev/bounties/b908377f-a61b-432c-8e6a-c7498da69788", }, ], source: { advisory: "b908377f-a61b-432c-8e6a-c7498da69788", discovery: "EXTERNAL", }, title: "Incorrect Use of Privileged APIs in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4687", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: "2024-08-03T01:48:40.025Z", state: "PUBLISHED", }, dataType: 
"CVE_RECORD", dataVersion: "5.1", }
cve-2022-4799
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.527Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/c5d70f9d-b7a7-4418-9368-4566a8143e79", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-02T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/c5d70f9d-b7a7-4418-9368-4566a8143e79", }, ], source: { advisory: "c5d70f9d-b7a7-4418-9368-4566a8143e79", discovery: "EXTERNAL", }, title: "Authorization Bypass Through User-Controlled Key in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4799", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: 
"2024-08-03T01:48:40.527Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4846
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.654Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/38c685fc-7065-472d-a46e-e26bf0b556d3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { url: "https://huntr.dev/bounties/38c685fc-7065-472d-a46e-e26bf0b556d3", }, ], source: { advisory: "38c685fc-7065-472d-a46e-e26bf0b556d3", discovery: "EXTERNAL", }, title: "Cross-Site Request Forgery (CSRF) in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4846", datePublished: "2022-12-29T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: "2024-08-03T01:55:45.654Z", state: "PUBLISHED", }, 
dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4801
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.440Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/b0795261-0f97-4f0b-be44-9dc079e01593", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1220", description: "CWE-1220 Insufficient Granularity of Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/b0795261-0f97-4f0b-be44-9dc079e01593", }, ], source: { advisory: "b0795261-0f97-4f0b-be44-9dc079e01593", discovery: "EXTERNAL", }, title: "Insufficient Granularity of Access Control in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4801", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.440Z", 
state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4804
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Improper Authorization in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.506Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/4ee48a1e-6332-4d95-a360-9c392643c533", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Authorization in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285 Improper Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/4ee48a1e-6332-4d95-a360-9c392643c533", }, ], source: { advisory: "4ee48a1e-6332-4d95-a360-9c392643c533", discovery: "EXTERNAL", }, title: "Improper Authorization in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4804", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.506Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2022-4865
Vulnerability from cvelistv5
Published
2022-12-31 00:00
Modified
2024-08-03 01:55
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.712Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/cd8765a2-bf28-4019-8647-882ccf63b2be", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-31T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc", }, { url: "https://huntr.dev/bounties/cd8765a2-bf28-4019-8647-882ccf63b2be", }, ], source: { advisory: "cd8765a2-bf28-4019-8647-882ccf63b2be", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4865", datePublished: "2022-12-31T00:00:00", dateReserved: "2022-12-31T00:00:00", dateUpdated: 
"2024-08-03T01:55:45.712Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4805
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.425Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/b03f6a9b-e49b-42d6-a318-1d7afd985873", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-648", description: "CWE-648 Incorrect Use of Privileged APIs", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/b03f6a9b-e49b-42d6-a318-1d7afd985873", }, ], source: { advisory: "b03f6a9b-e49b-42d6-a318-1d7afd985873", discovery: "EXTERNAL", }, title: "Incorrect Use of Privileged APIs in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4805", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.425Z", state: "PUBLISHED", }, dataType: 
"CVE_RECORD", dataVersion: "5.1", }
cve-2022-4690
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:39.577Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/7e1be91d-3b13-4300-8af2-9bd9665ec335", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/7e1be91d-3b13-4300-8af2-9bd9665ec335", }, { url: "https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82", }, ], source: { advisory: "7e1be91d-3b13-4300-8af2-9bd9665ec335", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4690", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: 
"2024-08-03T01:48:39.577Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4813
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.413Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/a24b45d8-554b-4131-8ce1-f33bf8cdbacc", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1220", description: "CWE-1220 Insufficient Granularity of Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/a24b45d8-554b-4131-8ce1-f33bf8cdbacc", }, ], source: { advisory: "a24b45d8-554b-4131-8ce1-f33bf8cdbacc", discovery: "EXTERNAL", }, title: "Insufficient Granularity of Access Control in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4813", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.413Z", 
state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4814
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.440Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/e65b3458-c2e2-4c0b-9029-e3c9ee015ae4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/e65b3458-c2e2-4c0b-9029-e3c9ee015ae4", }, ], source: { advisory: "e65b3458-c2e2-4c0b-9029-e3c9ee015ae4", discovery: "EXTERNAL", }, title: "Improper Access Control in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4814", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.440Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2022-4844
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.717Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/8e8df1f4-07ab-4b75-aec8-75b1229e93a3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, { url: "https://huntr.dev/bounties/8e8df1f4-07ab-4b75-aec8-75b1229e93a3", }, ], source: { advisory: "8e8df1f4-07ab-4b75-aec8-75b1229e93a3", discovery: "EXTERNAL", }, title: "Cross-Site Request Forgery (CSRF) in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4844", datePublished: "2022-12-29T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: "2024-08-03T01:55:45.717Z", state: "PUBLISHED", }, 
dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4806
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.461Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/2c7101bc-e6d8-4cd0-9003-bc8d86f4e4be", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639 Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-02T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/2c7101bc-e6d8-4cd0-9003-bc8d86f4e4be", }, ], source: { advisory: "2c7101bc-e6d8-4cd0-9003-bc8d86f4e4be", discovery: "EXTERNAL", }, title: "Authorization Bypass Through User-Controlled Key in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4806", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: 
"2024-08-03T01:48:40.461Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4840
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.717Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/b42aa2e9-c783-464c-915c-a80cb464ee01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/64e5c343c5f74b0abdf3ac0d21a6139daea58cf8", }, { url: "https://huntr.dev/bounties/b42aa2e9-c783-464c-915c-a80cb464ee01", }, ], source: { advisory: "b42aa2e9-c783-464c-915c-a80cb464ee01", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4840", datePublished: "2022-12-29T00:00:00", dateReserved: "2022-12-29T00:00:00", dateUpdated: 
"2024-08-03T01:55:45.717Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4692
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.381Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/9d1ed6ea-f7a0-4561-9325-a2babef99c74", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82", }, { url: "https://huntr.dev/bounties/9d1ed6ea-f7a0-4561-9325-a2babef99c74", }, ], source: { advisory: "9d1ed6ea-f7a0-4561-9325-a2babef99c74", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4692", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: 
"2024-08-03T01:48:40.381Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4807
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.534Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/704c9ed7-2120-47ea-aaf0-5fdcbd492954", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/704c9ed7-2120-47ea-aaf0-5fdcbd492954", }, ], source: { advisory: "704c9ed7-2120-47ea-aaf0-5fdcbd492954", discovery: "EXTERNAL", }, title: "Improper Access Control in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4807", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.534Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2023-5036
Vulnerability from cvelistv5
Published
2023-09-18 05:46
Modified
2024-09-25 14:06
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.15.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:44:53.611Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/46881df7-eb41-4ce2-a78f-82de9bc4fc2d", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/97b434722cf0abe3cfcad5ac9e3d520233bf1536", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "memos", vendor: "usememos", versions: [ { lessThan: "0.15.1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-5036", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-25T13:59:00.783440Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-25T14:06:54.622Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.15.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-18T05:46:44.541Z", orgId: 
"c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/46881df7-eb41-4ce2-a78f-82de9bc4fc2d", }, { url: "https://github.com/usememos/memos/commit/97b434722cf0abe3cfcad5ac9e3d520233bf1536", }, ], source: { advisory: "46881df7-eb41-4ce2-a78f-82de9bc4fc2d", discovery: "EXTERNAL", }, title: "Cross-Site Request Forgery (CSRF) in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-5036", datePublished: "2023-09-18T05:46:44.541Z", dateReserved: "2023-09-18T05:46:34.513Z", dateUpdated: "2024-09-25T14:06:54.622Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4698
Vulnerability from cvelistv5
Published
2023-09-01 00:00
Modified
2024-09-30 20:22
Summary
Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.13.2
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:37:59.324Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/e1107d79-1d63-4238-90b7-5cc150512654", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-4698", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T20:22:04.714868Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T20:22:15.819Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.13.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-01T00:00:20.059Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/e1107d79-1d63-4238-90b7-5cc150512654", }, { url: "https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd", }, 
], source: { advisory: "e1107d79-1d63-4238-90b7-5cc150512654", discovery: "EXTERNAL", }, title: "Improper Input Validation in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-4698", datePublished: "2023-09-01T00:00:20.059Z", dateReserved: "2023-09-01T00:00:09.810Z", dateUpdated: "2024-09-30T20:22:15.819Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4691
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:39.640Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/459b55c1-22f5-4556-9cda-9b86aa91582f", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82", }, { url: "https://huntr.dev/bounties/459b55c1-22f5-4556-9cda-9b86aa91582f", }, ], source: { advisory: "459b55c1-22f5-4556-9cda-9b86aa91582f", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4691", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: 
"2024-08-03T01:48:39.640Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4797
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.409Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/5233f76f-016b-4c65-b019-2c5d27802a1b", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-307", description: "CWE-307 Improper Restriction of Excessive Authentication Attempts", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/5233f76f-016b-4c65-b019-2c5d27802a1b", }, { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, ], source: { advisory: "5233f76f-016b-4c65-b019-2c5d27802a1b", discovery: "EXTERNAL", }, title: "Improper Restriction of Excessive Authentication Attempts in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4797", datePublished: "2022-12-28T00:00:00", dateReserved: 
"2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.409Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0109
Vulnerability from cvelistv5
Published
2024-11-15 10:57
Modified
2024-11-15 20:56
Summary
A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. The issue has been fixed in version 0.10.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.10.0
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "memos", vendor: "usememos", versions: [ { lessThan: "0.10.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-0109", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-15T20:55:45.535755Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T20:56:59.319Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.10.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This can lead to the theft of sensitive information, such as login credentials, from users visiting the affected website. 
The issue has been fixed in version 0.10.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-15T10:57:21.900Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/1899ffb2-ce1e-4dc0-af96-972612190f6e", }, { url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, ], source: { advisory: "1899ffb2-ce1e-4dc0-af96-972612190f6e", discovery: "EXTERNAL", }, title: "Stored XSS in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2023-0109", datePublished: "2024-11-15T10:57:21.900Z", dateReserved: "2023-01-07T02:52:45.260Z", dateUpdated: "2024-11-15T20:56:59.319Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4866
Vulnerability from cvelistv5
Published
2022-12-31 00:00
Modified
2024-08-03 01:55
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.997Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/39c04778-6228-4f07-bdd4-ab17f246dbff", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-31T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/39c04778-6228-4f07-bdd4-ab17f246dbff", }, { url: "https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc", }, ], source: { advisory: "39c04778-6228-4f07-bdd4-ab17f246dbff", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4866", datePublished: "2022-12-31T00:00:00", dateReserved: "2022-12-31T00:00:00", dateUpdated: 
"2024-08-03T01:55:45.997Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4695
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.326Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/2559d548-b847-40fb-94d6-18c1ad58b789", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e", }, { url: "https://huntr.dev/bounties/2559d548-b847-40fb-94d6-18c1ad58b789", }, ], source: { advisory: "2559d548-b847-40fb-94d6-18c1ad58b789", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4695", datePublished: "2022-12-23T00:00:00", dateReserved: "2022-12-23T00:00:00", dateUpdated: 
"2024-08-03T01:48:40.326Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0110
Vulnerability from cvelistv5
Published
2023-01-07 00:00
Modified
2024-08-02 05:02
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.10.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:02:43.477Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/6e4a1961-dbca-46f6-ae21-c25a621e54a7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.10.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-07T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/46c13a4b7f675b92d297df6dabb4441f13c7cd9c", }, { url: "https://huntr.dev/bounties/6e4a1961-dbca-46f6-ae21-c25a621e54a7", }, ], source: { advisory: "6e4a1961-dbca-46f6-ae21-c25a621e54a7", discovery: "EXTERNAL", }, title: "Cross-site Scripting (XSS) - Stored in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2023-0110", datePublished: "2023-01-07T00:00:00", dateReserved: "2023-01-07T00:00:00", dateUpdated: 
"2024-08-02T05:02:43.477Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4683
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 01:48
Summary
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:39.937Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/84973f6b-739a-4d7e-8757-fc58cbbaf6ef", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/7efa749c6628c75b19a912ca170529f5c293bb2e", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-614", description: "CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-23T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/84973f6b-739a-4d7e-8757-fc58cbbaf6ef", }, { url: "https://github.com/usememos/memos/commit/7efa749c6628c75b19a912ca170529f5c293bb2e", }, ], source: { advisory: "84973f6b-739a-4d7e-8757-fc58cbbaf6ef", discovery: "EXTERNAL", }, title: "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4683", datePublished: "2022-12-23T00:00:00", dateReserved: 
"2022-12-23T00:00:00", dateUpdated: "2024-08-03T01:48:39.937Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4810
Vulnerability from cvelistv5
Published
2022-12-28 00:00
Modified
2024-08-03 01:48
Summary
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:48:40.530Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/f0c8d778-db86-4ed3-85bb-5315ab56915e", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/f0c8d778-db86-4ed3-85bb-5315ab56915e", }, ], source: { advisory: "f0c8d778-db86-4ed3-85bb-5315ab56915e", discovery: "EXTERNAL", }, title: "Improper Access Control in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4810", datePublished: "2022-12-28T00:00:00", dateReserved: "2022-12-28T00:00:00", dateUpdated: "2024-08-03T01:48:40.530Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2022-4863
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2024-08-03 01:55
Summary
Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:46.067Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/42751929-e511-49a9-888d-d5b610da2a45", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-280", description: "CWE-280 Improper Handling of Insufficient Permissions or Privileges ", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-30T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53", }, { url: "https://huntr.dev/bounties/42751929-e511-49a9-888d-d5b610da2a45", }, ], source: { advisory: "42751929-e511-49a9-888d-d5b610da2a45", discovery: "EXTERNAL", }, title: "Improper Handling of Insufficient Permissions or Privileges in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4863", datePublished: "2022-12-30T00:00:00", dateReserved: 
"2022-12-30T00:00:00", dateUpdated: "2024-08-03T01:55:46.067Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4847
Vulnerability from cvelistv5
Published
2022-12-29 00:00
Modified
2024-08-03 01:55
Summary
Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
References
Impacted products
Vendor | Product | Version
---|---|---
usememos | usememos/memos | unspecified < 0.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:45.947Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/ff6d4b5a-5e75-4a14-b5ce-f318f8613b73", }, { tags: [ "x_transferred", ], url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "usememos/memos", vendor: "usememos", versions: [ { lessThan: "0.9.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-941", description: "CWE-941 Incorrectly Specified Destination in a Communication Channel", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-29T00:00:00", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/ff6d4b5a-5e75-4a14-b5ce-f318f8613b73", }, { url: "https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948", }, ], source: { advisory: "ff6d4b5a-5e75-4a14-b5ce-f318f8613b73", discovery: "EXTERNAL", }, title: "Incorrectly Specified Destination in a Communication Channel in usememos/memos", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-4847", datePublished: "2022-12-29T00:00:00", dateReserved: 
"2022-12-29T00:00:00", dateUpdated: "2024-08-03T01:55:45.947Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }