CVE-2023-5036

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in the memos application allows attackers to trick authenticated users into performing unintended actions by crafting malicious requests. It affects all users running memos versions prior to 0.15.1 who are authenticated to the application.

💻 Affected Systems

Products:
  • usememos/memos
Versions: All versions prior to 0.15.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects authenticated users; anonymous users are not vulnerable.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could create, modify, or delete memos, change user settings, or perform administrative actions on behalf of authenticated users without their consent.

🟠 Likely Case

Attackers could create or modify memos, potentially injecting malicious content or disrupting legitimate user workflows.

🟢 If Mitigated

With proper CSRF protections, all cross-origin requests would be blocked, preventing exploitation entirely.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well-understood and easy to implement; exploitation requires the victim to be authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.15.1

Vendor Advisory: https://github.com/usememos/memos/commit/97b434722cf0abe3cfcad5ac9e3d520233bf1536

Restart Required: Yes

Instructions:

1. Backup your memos data.
2. Stop the memos service.
3. Update to version 0.15.1 or later.
4. Restart the memos service.
5. Verify the update was successful.

🔧 Temporary Workarounds

Implement CSRF tokens manually (applies to: all)

Add CSRF token validation to all state-changing endpoints

Use SameSite cookies (applies to: all)

Configure session cookies with SameSite=Strict attribute

🧯 If You Can't Patch

  • Implement a reverse proxy with CSRF protection
  • Restrict access to memos to trusted networks only
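The two workarounds above (origin validation on state-changing endpoints and SameSite=Strict session cookies) can be enforced in a small Go middleware placed in front of the application. The code below is an added illustration written for this page; it is not code from the memos project or from the referenced fix commit. The host name `memos.example.internal` and the cookie name `memos_session` are assumptions chosen for the example, and the check it performs (Origin, falling back to Referer, must match the configured host for POST/PUT/PATCH/DELETE) is the same signal the detection section describes, here applied at request time rather than in logs.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// allowedHost is the host (including port, if any) that the memos instance is
// served on. This value is an assumption for the example; set it to your
// deployment's public host.
const allowedHost = "memos.example.internal"

// sessionCookieName is an assumed cookie name used only for this example.
const sessionCookieName = "memos_session"

// isStateChanging reports whether the method can modify server state and so
// needs origin validation. Safe methods (GET, HEAD, OPTIONS) are exempt.
func isStateChanging(method string) bool {
	switch method {
	case http.MethodPost, http.MethodPut, http.MethodPatch, http.MethodDelete:
		return true
	}
	return false
}

// OriginAllowed decides whether a request passes the cross-origin check:
// state-changing requests must carry an Origin header (or, failing that, a
// Referer header) whose host equals allowedHost. A state-changing request
// with neither header is rejected, since browser form and XHR submissions
// always send at least one of them; "Origin: null" parses to an empty host
// and is therefore rejected as well.
func OriginAllowed(r *http.Request) bool {
	if !isStateChanging(r.Method) {
		return true
	}
	src := r.Header.Get("Origin")
	if src == "" {
		src = r.Header.Get("Referer")
	}
	if src == "" {
		return false
	}
	u, err := url.Parse(src)
	if err != nil {
		return false
	}
	return strings.EqualFold(u.Host, allowedHost)
}

// CSRFGuard wraps a handler, rejecting cross-origin state-changing requests
// with 403 and logging them so the event shows up in the web server log.
func CSRFGuard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !OriginAllowed(r) {
			log.Printf("blocked cross-origin %s %s origin=%q referer=%q",
				r.Method, r.URL.Path, r.Header.Get("Origin"), r.Header.Get("Referer"))
			http.Error(w, "cross-origin request rejected", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// SessionCookie builds the session cookie with the attributes the workaround
// calls for: SameSite=Strict so browsers omit it on cross-site requests,
// plus HttpOnly and Secure.
func SessionCookie(value string) *http.Cookie {
	return &http.Cookie{
		Name:     sessionCookieName,
		Value:    value,
		Path:     "/",
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteStrictMode,
	}
}

// main exercises the guard in-process with constructed requests (no network
// listener) so the behaviour can be observed directly.
func main() {
	app := CSRFGuard(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.SetCookie(w, SessionCookie("example-session-id"))
		fmt.Fprintln(w, "memo saved")
	}))

	sameSite := httptest.NewRequest(http.MethodPost, "/api/memo", nil)
	sameSite.Header.Set("Origin", "https://"+allowedHost)
	crossSite := httptest.NewRequest(http.MethodPost, "/api/memo", nil)
	crossSite.Header.Set("Origin", "https://attacker.example") // constructed, not a real host

	for _, req := range []*http.Request{sameSite, crossSite} {
		rec := httptest.NewRecorder()
		app.ServeHTTP(rec, req)
		fmt.Printf("origin=%s -> status %d\n", req.Header.Get("Origin"), rec.Code)
	}
}
```

Deploy this in front of the `/api/` and `/memos/` paths only if you cannot upgrade; once on 0.15.1 or later the application's own protection applies and the middleware becomes a defence-in-depth layer. Note that the Referer fallback is weaker than Origin (some clients strip it), so treat a missing Origin on a POST as a signal worth logging even when the Referer matches.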

🔍 How to Verify

Check if Vulnerable:

Check if running memos version earlier than 0.15.1

Check Version:

Check memos web interface settings or docker container version

Verify Fix Applied:

Confirm version is 0.15.1 or later and test CSRF protection

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests from unexpected origins
  • Multiple failed state-changing operations

Network Indicators:

  • Cross-origin POST requests without CSRF tokens
  • Requests with mismatched Origin/Referer headers

SIEM Query:

web_requests WHERE (method = 'POST' AND origin != referer) AND (path CONTAINS '/api/' OR path CONTAINS '/memos/')
