CVE-2024-41659
CVSS V2 None
CVSS V3 None
Description
memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker to read private information or make privileged changes to the system as the vulnerable user account.
Overview
- CVE ID
- CVE-2024-41659
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-08-20T19:54:08.182Z
- Last Modified Date
- 2024-08-20T19:54:08.182Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://securitylab.github.com/advisories/GHSL-2024-034_memos/ | x_refsource_CONFIRM |
| https://github.com/usememos/memos/blob/v0.20.1/server/server.go#L163 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-41659 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41659 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-08-21 13:06:04 | Added to TrackCVE |