Cross-Site Request Forgery (CSRF) in usememos/memos
CVE-2023-5036

8.8HIGH

Key Information:

Vendor: usememos
Status: usememos/memos
Vendor: CVE Published:; 18 September 2023

What is CVE-2023-5036?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Memos, an open-source notes app developed by UseMemos, prior to version 0.15.1. This flaw allows attackers to trick users into submitting unwanted requests, potentially compromising their security. Users are encouraged to update to the latest version to mitigate associated risks.

Affected Version(s)

usememos/memos < 0.15.1

References

https://huntr.dev/bounties/46881df7-eb41-4ce2-a78f-82de9b...

https://github.com/usememos/memos/commit/97b434722cf0abe3...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2023
Vulnerability Reserved
Sep 18, 2023