GHSA-vwg4-846x-f94v

Опубликовано: 23 дек. 2022

Источник: github

Github: Прошло ревью

CVSS3: 8.8

Описание

usememos/memos vulnerable to improper authorization

usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos versions prior to 0.9.0 are vulnerable to improper authorization, which can allow a user to modify the nickname, username and email of other users without permission.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2022-4688
https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9
https://huntr.dev/bounties/23856e7e-94ff-4dee-97d0-0cd47e9b8ff6

Пакеты

Наименование

github.com/usememos/memos

Затронутые версииВерсия исправления

< 0.9.0

0.9.0

EPSS

Процентиль: 50%

0.00269

Низкий

8.8 High

CVSS3

CVE ID

CVE-2022-4688

Дефекты

CWE-285

Связанные уязвимости

CVE-2022-4688

CVSS3: 8.8

nvd

около 3 лет назад

Improper Authorization in GitHub repository usememos/memos prior to 0.9.0.

EPSS

Процентиль: 50%

0.00269

Низкий

8.8 High

CVSS3

CVE ID

CVE-2022-4688

Дефекты

CWE-285