Improper Privilege Management in usememos/memos
CVE-2023-4697

8.8HIGH

Key Information:

Vendor: Usememos
Status: Usememos/memos
Vendor: CVE Published:; 1 September 2023

Summary

The vulnerability in Memos arises from improper privilege management, allowing unauthorized users to gain higher access levels than intended. This security flaw can be exploited by attackers to execute privileged actions without the appropriate credentials, leading to potential data breaches and malicious activity. It’s crucial for users of versions prior to 0.13.2 to update their systems to mitigate this risk.

Affected Version(s)

usememos/memos < 0.13.2

References

https://huntr.dev/bounties/3ff3325a-1dcb-4da7-894d-81a9cf...

https://github.com/usememos/memos/commit/c9aa2eeb9852047e...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 1, 2023
Vulnerability Reserved
Sep 1, 2023