CVE-2023-4696

Description

Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.

NVD

Severity: CRITICAL
CVE ID: CVE-2023-4696
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

huntr.dev

Severity: CRITICAL
CVE ID: CVE-2023-4696
CVSS Score: 9.8
CVSS Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVDMITRE

Proof Of Concept

mnqazi

https://medium.com/@mnqazi/cve-2023-4696-account-takeover-due-to-improper-handling-of-jwt-tokens-in-memos-v0-13-2-13104e1412f3

Refrence: GitHub