Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-4810— Improper Access Control in usememos/memos

EPSS 0.17% · P38
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-4810

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Improper Access Control in usememos/memos
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
memos 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
memos是具有知识管理和社交功能的开源自托管备忘录中心。 memos 0.9.1 之前版本存在访问控制错误漏洞,攻击者利用该漏洞可以通过 api 查看来自其他用户的私人私人备忘录中的任何内容。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
usememosusememos/memos unspecified ~ 0.9.1 -

II. Public POCs for CVE-2022-4810

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-4810

登录查看更多情报信息。

Same Patch Batch · usememos · 2022-12-28 · 19 CVEs total

CVE-2022-48118.3 HIGHAuthorization Bypass Through User-Controlled Key in usememos/memos
CVE-2022-4805Incorrect Use of Privileged APIs in usememos/memos
CVE-2022-4814Improper Access Control in usememos/memos
CVE-2022-4813Insufficient Granularity of Access Control in usememos/memos
CVE-2022-4812Authorization Bypass Through User-Controlled Key in usememos/memos
CVE-2022-4809Improper Access Control in usememos/memos
CVE-2022-4808Improper Privilege Management in usememos/memos
CVE-2022-4807Improper Access Control in usememos/memos
CVE-2022-4806Authorization Bypass Through User-Controlled Key in usememos/memos
CVE-2022-4796Incorrect Use of Privileged APIs in usememos/memos
CVE-2022-4804Improper Authorization in usememos/memos
CVE-2022-4803Authorization Bypass Through User-Controlled Key in usememos/memos
CVE-2022-4802Authorization Bypass Through User-Controlled Key in usememos/memos
CVE-2022-4801Insufficient Granularity of Access Control in usememos/memos
CVE-2022-4800Improper Verification of Source of a Communication Channel in usememos/memos
CVE-2022-4799Authorization Bypass Through User-Controlled Key in usememos/memos
CVE-2022-4798Authorization Bypass Through User-Controlled Key in usememos/memos
CVE-2022-4797Improper Restriction of Excessive Authentication Attempts in usememos/memos

IV. Related Vulnerabilities

Same product: usememos/memos
Same vendor: usememos
Same weakness: CWE-284

V. Comments for CVE-2022-4810

No comments yet

Leave a comment