PT-2022-28106 · Unknown · Usememos/Memos

Published 2022-12-28 · Updated 2024-08-20 · CVE-2022-4805

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

usememos/memos versions prior to 0.9.1

Description

The issue concerns the incorrect use of privileged APIs in the usememos/memos GitHub repository. Through the API, a user can archive any private memo and delete or edit any shortcut belonging to other users. This allows unauthorized access to and modification of sensitive data.

Recommendations

For versions prior to 0.9.1, update to version 0.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the API endpoints that archive memos and delete or edit shortcuts, to minimize the risk of exploitation.

Weakness Enumeration

Related Identifiers

CVE-2022-4805
GHSA-MQ5Q-GPGV-PWXW
GO-2023-1292

Affected Products

Usememos/Memos