Incorrect Use of Privileged APIs

CVE-2022-4796

High

8.1/10

Summary

Incorrect Use of Privileged APIs via end point "api/memo" in usememos/memos prior to 0.9.1. This has the same fix as CVE-2022-4797, CVE-2022-4799, CVE-2022-4801, CVE-2022-4804, CVE-2022-4806, CVE-2022-4810, CVE-2022-4811, CVE-2022-4813, CVE-2022-4814 and CVE-2022-4851

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-648 - Incorrect Use of Privileged APIs

The application does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

References

Advisory
Disclosure
Pull request
Release Note

Advisory Timeline

Published Dec 28, 2022

Incorrect Use of Privileged APIs

CVE-2022-4796

Summary

CWE-648 - Incorrect Use of Privileged APIs

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS