usememos Memos Identity Provider Service Access Control Vulnerability

Vulnerability

A broken access control vulnerability has been identified in the Identity Provider service of usememos Memos version 0.25.2. This vulnerability allows low-privileged users to arbitrarily modify or delete registered identity providers. The issue arises from missing authorization checks, which can lead to account takeover or a denial-of-service condition by disrupting the identity provider management process.

Impact

Exploitation of this vulnerability could result in unauthorized modifications or deletions of identity providers, causing account takeovers or denial-of-service conditions.

Reproduction

Low-privileged users can delete identity providers, causing a denial-of-service by disrupting the sign-in process. Additionally, they can modify identity provider configurations, including sensitive information like client secrets, which can be exploited to impersonate the Memos instance at the identity provider.

Remediation

Users can update to Memos version 0.25.3, which addresses this vulnerability by adding the necessary authorization checks. Instructions for updating are available in the Memos documentation.
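An added illustration of the class of fix the remediation describes, written for this page and not taken from the Memos code base (Go, because the Memos backend is Go): an in-memory stand-in for the Identity Provider service showing the secret-update path as it behaves with no authorization check beside the same path behind a role gate. The role names, the `IdPService` type and its method names are assumptions, not the project's identifiers; the deletion path described in the advisory takes the same gate.

```go
package main

import "errors"

// Role is a simplified copy of the Memos user roles (an assumption, not the project's type).
type Role int

const (
	RoleUser  Role = iota // low-privileged member
	RoleAdmin
	RoleHost
)

var ErrPermissionDenied = errors.New("permission denied")

// IdPService is a hypothetical in-memory stand-in for the Identity Provider service,
// keeping only the client secret, the field the advisory calls sensitive, per provider id.
type IdPService struct{ Secrets map[int]string }

func NewIdPService() *IdPService {
	return &IdPService{Secrets: map[int]string{1: "original"}} // constructed sample record
}

// requireAdmin is the authorization check the advisory says was missing in 0.25.2:
// being signed in is not enough, the caller must hold an administrative role.
func requireAdmin(caller Role) error {
	if caller != RoleHost && caller != RoleAdmin {
		return ErrPermissionDenied
	}
	return nil
}

// UpdateSecretVulnerable models the 0.25.2 behaviour: any signed-in user reaches the write.
func (s *IdPService) UpdateSecretVulnerable(_ Role, id int, secret string) error {
	if _, ok := s.Secrets[id]; !ok {
		return errors.New("identity provider not found")
	}
	s.Secrets[id] = secret
	return nil
}

// UpdateSecret is the hardened form: the role check runs before any lookup or write,
// so a low-privileged caller is refused without touching the record.
func (s *IdPService) UpdateSecret(caller Role, id int, secret string) error {
	if err := requireAdmin(caller); err != nil {
		return err
	}
	return s.UpdateSecretVulnerable(caller, id, secret)
}
```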

Added: Dec 8, 2025, 5:19 PM
Updated: Dec 8, 2025, 10:28 PM

Vulnerability Rating (custom algorithm)

spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 7.7
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.