CVE-2022-4798

CVSS V2 None CVSS V3 None
Description
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
Overview
  • CVE ID
  • CVE-2022-4798
  • Assigner
  • security@huntr.dev
  • Vulnerability Status
  • Modified
  • Published Version
  • 2022-12-28T14:15:10
  • Last Modified Date
  • 2023-03-02T01:15:10
Weakness Enumerations
CWE URL
CWE-639 http://cwe.mitre.org/data/definitions/639.html
CWE-285 http://cwe.mitre.org/data/definitions/285.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:* 1 OR 0.9.1
References
Reference URL Reference Tags
https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
https://huntr.dev/bounties/e12eed25-1a8e-4ee1-b846-2d4df1db2fae
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-4798
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4798
History
Created Old Value New Value Data Type Notes
2022-12-28 15:14:53 Added to TrackCVE
2022-12-28 15:14:53 Weakness Enumeration new
2022-12-31 04:17:34 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-31 04:17:37 CVSS V3 information new
2023-01-05 22:19:04 2023-01-05T21:45:08 CVE Modified Date updated
2023-01-05 22:19:04 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-05 22:19:06 Weakness Enumeration update
2023-01-05 22:19:08 CPE Information updated
2023-01-05 22:19:08 CVSS V3 information new
2023-03-02 02:14:23 2023-03-02T01:15:10 CVE Modified Date updated
2023-03-02 02:14:23 Analyzed Modified Vulnerability Status updated
2023-03-02 02:14:24 Improper Authorization in GitHub repository usememos/memos prior to 0.9.1. Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. Description updated
2023-03-02 02:14:24 CVSS V3 information new