CVE-2022-4806

CVSS V2 None CVSS V3 None
Description
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.
Overview
  • CVE ID
  • CVE-2022-4806
  • Assigner
  • security@huntr.dev
  • Vulnerability Status
  • Modified
  • Published Version
  • 2022-12-28T14:15:11
  • Last Modified Date
  • 2023-03-02T02:15:41
Weakness Enumerations
CWE URL
CWE-639 http://cwe.mitre.org/data/definitions/639.html
CWE-284 http://cwe.mitre.org/data/definitions/284.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:* 1 OR 0.9.1
References
Reference URL Reference Tags
https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
https://huntr.dev/bounties/2c7101bc-e6d8-4cd0-9003-bc8d86f4e4be
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-4806
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4806
History
Created Old Value New Value Data Type Notes
2022-12-28 15:14:54 Added to TrackCVE
2022-12-28 15:14:56 Weakness Enumeration new
2022-12-31 04:17:36 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-31 04:17:40 CVSS V3 information new
2023-01-06 00:26:23 2023-01-05T23:52:15 CVE Modified Date updated
2023-01-06 00:26:23 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-06 00:26:24 Weakness Enumeration update
2023-01-06 00:26:26 CPE Information updated
2023-01-06 00:26:26 CVSS V3 information new
2023-03-02 03:17:30 2023-03-02T02:15:41 CVE Modified Date updated
2023-03-02 03:17:30 Analyzed Modified Vulnerability Status updated
2023-03-02 03:17:30 Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. Description updated
2023-03-02 03:17:31 CVSS V3 information new