SB2023010514 - Multiple vulnerabilities in memos
Published: January 5, 2023 Updated: April 1, 2024
Description
This security bulletin contains information about 7 security vulnerabilities.
1) Stored cross-site scripting (CVE-ID: CVE-2022-4866)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when creating memos. A remote attacker can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
2) Stored cross-site scripting (CVE-ID: CVE-2022-4865)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when creating a new post. A remote attacker can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-4863)
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to improper handling of insufficient permissions or privileges. A local attacker can send a specially crafted request to archive and delete their own admin account.
4) Cross-site request forgery (CVE-ID: CVE-2022-4847)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to an incorrectly specified destination in a communication channel. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
5) Cross-site request forgery (CVE-ID: CVE-2022-4845)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote user can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
6) Cross-site request forgery (CVE-ID: CVE-2022-4846)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin in Add Users. A remote user can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
7) Authorization bypass through user-controlled key (CVE-ID: CVE-2022-4806)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an authorization bypass through a user-controlled key. A remote user can bypass implemented security restrictions.
Remediation
Install the update from the vendor's website.
References
- https://huntr.dev/bounties/39c04778-6228-4f07-bdd4-ab17f246dbff
- https://github.com/usememos/memos/commit/7670c9536000bb32c6345d4906a91268dcddd5fc
- https://huntr.dev/bounties/cd8765a2-bf28-4019-8647-882ccf63b2be
- https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
- https://huntr.dev/bounties/42751929-e511-49a9-888d-d5b610da2a45
- https://github.com/usememos/memos/commit/c9bb2b785dc5852655405d5c9ab127a2d5aa3948
- https://huntr.dev/bounties/ff6d4b5a-5e75-4a14-b5ce-f318f8613b73
- https://huntr.dev/bounties/075dbd51-b078-436c-9e3d-7f25cd2e7e1b
- https://huntr.dev/bounties/38c685fc-7065-472d-a46e-e26bf0b556d3
- https://huntr.dev/bounties/2c7101bc-e6d8-4cd0-9003-bc8d86f4e4be