CVE-2022-4683
Published 2022-12-23
CVE-2022-4683: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.
Priority: P4 · 30 · medium · 6.5 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.38% (29.4th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | usememos_memos | >= 0 < 0.9.0 | 0.9.0 |
| usememos | memos | < 0.9.0 | 0.9.0 |
| usememos | usememos_memos | >= unspecified < 0.9.0 | 0.9.0 |
CVSS provenance
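| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |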
OSV
usememos/memos missing Secure cookie attribute in github.com/usememos/memos
osv·2024-08-21
CVE-2022-4683 usememos/memos missing Secure cookie attribute in github.com/usememos/memos
GHSA
usememos/memos missing Secure cookie attribute
ghsa·2022-12-23
CVE-2022-4683 [MEDIUM] CWE-311 usememos/memos missing Secure cookie attribute
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 is missing the Secure cookie attribute, making it vulnerable to session hijacking.
OSV
usememos/memos missing Secure cookie attribute
osv·2022-12-23
CVE-2022-4683 [MEDIUM] usememos/memos missing Secure cookie attribute
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 is missing the Secure cookie attribute, making it vulnerable to session hijacking.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-12-23
Published