Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1xY3cyLTQ5MnYtNTd4as4AAwkV

Moderate EPSS: 0.00168% (0.38571 Percentile) EPSS:
Permalink JSON

usememos/memos missing Secure cookie attribute

Affected Packages Affected Versions Fixed Versions
go:github.com/usememos/memos < 0.9.0 0.9.0
0 Dependent packages
0 Dependent repositories

Affected Version Ranges

All affected versions

0.0.1, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.5.0, 0.6.0, 0.6.1, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.8.0, 0.8.1, 0.8.2, 0.8.3

All unaffected versions

0.9.0, 0.9.1, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.11.0, 0.11.1, 0.11.2, 0.12.0, 0.12.1, 0.12.2, 0.13.0, 0.13.1, 0.13.2, 0.14.0, 0.14.1, 0.14.2, 0.14.3, 0.14.4, 0.15.0, 0.15.1, 0.15.2, 0.16.0, 0.16.1, 0.17.0, 0.17.1, 0.18.0, 0.18.1, 0.18.2, 0.19.0, 0.19.1, 0.20.0, 0.20.1, 0.21.0, 0.21.1, 0.22.0, 0.22.1, 0.22.2, 0.22.3, 0.22.4, 0.22.5, 0.23.0, 0.23.1, 0.24.0, 0.24.1, 0.24.2, 0.24.3, 0.24.4, 0.25.0

usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 is missing the Secure cookie attribute, making it vulnerable to session hijacking.

References:

Identifiers

GHSA-qcw2-492v-57xj

CVE-2022-4683

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00168

EPSS Percentile: 0.38571

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/usememos/memos

Date and time

Published

over 2 years ago

Updated

about 2 years ago

API

JSON