High severityNVD Advisory· Published Sep 1, 2023· Updated Oct 1, 2024

Improper Privilege Management in usememos/memos

CVE-2023-4697

Description

Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper privilege management in usememos/memos prior to 0.13.2 allows attackers to bypass access token validation, leading to unauthorized access.

The vulnerability is an improper privilege management flaw in usememos/memos versions prior to 0.13.2 [1]. The root cause is insufficient validation of access tokens; while the token format is checked, the token's validity (e.g., expiration or revocation) is not verified [3].

An attacker can exploit this by presenting an expired or invalid access token to the application. Since the middleware only validates the token's structure and not its validity, the attacker is granted the privileges associated with the token [3][4].

Successful exploitation allows an attacker to gain unauthorized access to the system and potentially escalate privileges, impacting confidentiality and integrity [1].

The issue was fixed in commit c9aa2eeb9852047e4f41915eb30726bd25f07ecd by adding a check for the token's Valid field [3]. Users should upgrade to version 0.13.2 or later [1].

References

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/usememos/memosGo	< 0.13.2	0.13.2

Affected products

ghsa-coords
pkg:golang/github.com/usememos/memos
Range: < 0.13.2
usememos/usememos/memosv5
Range: unspecified

Patches

c9aa2eeb9852

fix: validate access token (#1867)

https://github.com/usememos/memosCorrectRoadHJun 30, 2023via ghsa

commit

1 file changed · +5 −0

server/jwt.go+5 −0 modified

@@ -111,6 +111,11 @@ func JWTMiddleware(server *Server, next echo.HandlerFunc, secret string) echo.Ha
 			}
 			return nil, errors.Errorf("unexpected access token kid=%v", t.Header["kid"])
 		})
+
+		if !accessToken.Valid {
+			return echo.NewHTTPError(http.StatusUnauthorized, "Invalid access token.")
+		}
+
 		if !audienceContains(claims.Audience, auth.AccessTokenAudienceName) {
 			return echo.NewHTTPError(http.StatusUnauthorized, fmt.Sprintf("Invalid access token, audience mismatch, got %q, expected %q.", claims.Audience, auth.AccessTokenAudienceName))
 		}

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-5j6p-59cj-j6cpghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-4697ghsaADVISORY
github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecdghsaWEB
huntr.dev/bounties/3ff3325a-1dcb-4da7-894d-81a9cf726d81ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000