Authorization Bypass Through User-Controlled Key

CVE-2022-4806

Severity Medium
Score 5.3/10

Summary

Improper access control via the "api/memo" endpoint in usememos/memos prior to 0.9.1. This has the same fix as CVE-2022-4796, CVE-2022-4797, CVE-2022-4799, CVE-2022-4801, CVE-2022-4804, CVE-2022-4810, CVE-2022-4811, CVE-2022-4813, CVE-2022-4814 and CVE-2022-4851.

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • NONE

CWE-639 - Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Advisory Timeline

  • Published