CVE-2022-4800 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
@huntrdev	CNA	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Vendor	Product	Version
usememos	memos	𝑥 < 0.9.1

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-940 - Improper Verification of Source of a Communication Channel
The software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.

References

https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53

https://huntr.dev/bounties/aa45a6eb-cc38-45e5-a301-221ef43c0ef8

https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53

https://huntr.dev/bounties/aa45a6eb-cc38-45e5-a301-221ef43c0ef8