Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1qMmdqLWczcDktN21ycs4AA1nC

Critical EPSS: 0.0096% (0.7551 Percentile) EPSS:
Permalink JSON

Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos

Affected Packages Affected Versions Fixed Versions
go:github.com/usememos/memos < 0.13.2 0.13.2
0 Dependent packages
0 Dependent repositories

Affected Version Ranges

All affected versions

0.0.1, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.5.0, 0.6.0, 0.6.1, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.9.0, 0.9.1, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.11.0, 0.11.1, 0.11.2, 0.12.0, 0.12.1, 0.12.2, 0.13.0, 0.13.1

All unaffected versions

0.13.2, 0.14.0, 0.14.1, 0.14.2, 0.14.3, 0.14.4, 0.15.0, 0.15.1, 0.15.2, 0.16.0, 0.16.1, 0.17.0, 0.17.1, 0.18.0, 0.18.1, 0.18.2, 0.19.0, 0.19.1, 0.20.0, 0.20.1, 0.21.0, 0.21.1, 0.22.0, 0.22.1, 0.22.2, 0.22.3, 0.22.4, 0.22.5, 0.23.0, 0.23.1, 0.24.0, 0.24.1, 0.24.2, 0.24.3, 0.24.4, 0.25.0

Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. As of commit c9aa2eeb9 access tokens which fail validation are rejected.

References:

Identifiers

GHSA-j2gj-g3p9-7mrr

CVE-2023-4696

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.0096

EPSS Percentile: 0.7551

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/usememos/memos

Date and time

Published

almost 2 years ago

Updated

over 1 year ago

API

JSON