PT-2022-27999 · Unknown · Usememos/Memos

Published: 2022-12-23 · Updated: 2024-08-21 · CVE-2022-4688

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

usememos/memos versions prior to 0.9.0

Description

The issue is improper authorization in usememos/memos, an open-source, self-hosted memo hub that includes knowledge management and socialization features. The improper authorization can allow a user to modify other users' nicknames, usernames, and email addresses without permission.

Recommendations

Update versions prior to 0.9.0 to version 0.9.0 or later to resolve the improper authorization issue. As a temporary workaround, consider restricting access to user modification functions until the update can be applied.

Exploit

Fix

Weakness Enumeration

Improper Authorization

Related Identifiers

CVE-2022-4688
GHSA-VWG4-846X-F94V
GO-2022-1190

Affected Products

Usememos/Memos