CVE-2022-4797
Published 2022-12-28
CVE-2022-4797: Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1.
Priority: P4 · 19 · medium · 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.71% (49.0th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | usememos_memos | >= 0 < 0.9.1 | 0.9.1 |
| usememos | memos | < 0.9.1 | 0.9.1 |
| usememos | usememos_memos | >= unspecified < 0.9.1 | 0.9.1 |
CVSS provenance
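| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |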
OSV
usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos
osv·2024-08-21
CVE-2022-4797 usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts in github.com/usememos/memos
GHSA
usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts
ghsa·2022-12-28
CVE-2022-4797 [MEDIUM] CWE-307 usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts
In usememos/memos 0.9.0 and prior, an attacker can delete other users' posts via post id, which can be done via brute force.
OSV
usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts
osv·2022-12-28
CVE-2022-4797 [MEDIUM] usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts
In usememos/memos 0.9.0 and prior, an attacker can delete other users' posts via post id, which can be done via brute force.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-12-28