Cross-Site Request Forgery (CSRF) in usememos/memos
CVE-2023-5036

8.8HIGH

Key Information:

Vendor
usememos
Status
usememos/memos
Vendor
CVE Published:
18 September 2023

Summary

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Memos, an open-source notes app developed by UseMemos, prior to version 0.15.1. This flaw allows attackers to trick users into submitting unwanted requests, potentially compromising their security. Users are encouraged to update to the latest version to mitigate associated risks.

Affected Version(s)

usememos/memos < 0.15.1

References

https://huntr.dev/bounties/46881df7-eb41-4ce2-a78f-82de9b...
https://github.com/usememos/memos/commit/97b434722cf0abe3...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-5036 : Cross-Site Request Forgery (CSRF) in usememos/memos | SecurityVulnerability.io