CVE-2022-4805
Published 2022-12-28
CVE-2022-4805: Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.
Priority P4 · 19 · medium · 4.3 · CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:L / A:N
EPSS: 0.51% (39.4th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | usememos_memos | >= 0 < 0.9.1 | 0.9.1 |
| usememos | memos | < 0.9.1 | 0.9.1 |
| usememos | usememos_memos | >= unspecified < 0.9.1 | 0.9.1 |
CVSS provenance
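| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| nvd | v3.0 | 7.3 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |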
OSV
usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos
osv·2024-08-20
CVE-2022-4805 usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos
OSV
usememos/memos Incorrect Use of Privileged APIs vulnerability
osv·2022-12-28
CVE-2022-4805 [MEDIUM] usememos/memos Incorrect Use of Privileged APIs vulnerability
In usememos/memos 0.9.0 and prior, a user can archive any private memos, delete any shortcut, and edit any shortcut from other users via API.
GHSA
usememos/memos Incorrect Use of Privileged APIs vulnerability
ghsa·2022-12-28
CVE-2022-4805 [MEDIUM] CWE-648 usememos/memos Incorrect Use of Privileged APIs vulnerability
In usememos/memos 0.9.0 and prior, a user can archive any private memos, delete any shortcut, and edit any shortcut from other users via API.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-12-28