GHSA-w57v-6xp4-rm2v

Опубликовано: 23 дек. 2022

Источник: github

Github: Прошло ревью

CVSS3: 8.8

Описание

usememos/memos vulnerable to account takeover due to improper access control

usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Versions prior to 0.9.0 improperly maintain access control allowing an attacker to take over an account by changing header values in the HTTP request.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2022-4689
https://github.com/usememos/memos/pull/831
https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9
https://huntr.dev/bounties/a78c4326-6e7b-47fe-aa82-461e5c12a4e3

Пакеты

Наименование

github.com/usememos/memos

Затронутые версииВерсия исправления

< 0.9.0

0.9.0

EPSS

Процентиль: 51%

0.00282

Низкий

8.8 High

CVSS3

CVE ID

CVE-2022-4689

Дефекты

CWE-284

Связанные уязвимости

CVE-2022-4689

CVSS3: 8.8

nvd

около 3 лет назад

Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.

EPSS

Процентиль: 51%

0.00282

Низкий

8.8 High

CVSS3

CVE ID

CVE-2022-4689

Дефекты

CWE-284