PT-2022-28098 · Unknown · Usememos/Memos

Published

2022-12-28

Updated

2024-08-21

CVE-2022-4797

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions usememos/memos versions prior to 0.9.1

Description The issue concerns an improper restriction of excessive authentication attempts. An attacker can exploit this by deleting other users' posts via post id through brute force.

Recommendations For versions prior to 0.9.1, update to version 0.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to post deletion functionality to minimize the risk of exploitation.

Exploit

Fix

Improper Restriction of Excessive Authentication Attempts

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-307

Related Identifiers

CVE-2022-4797

GHSA-QRRF-XVCF-P64Q

GO-2022-1244

Affected Products

Usememos/Memos

PT-2022-28098 · Unknown · Usememos/Memos

CVE-2022-4797

Weakness Enumeration

Related Identifiers

Affected Products

References · 10