CVE-2024-41659
published 2024-08-20

Priority: P347
Severity: high, 8.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS: 0.61% (44.6th percentile)

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker to read private information or make privileged changes to the system as the vulnerable user account. This vulnerability is fixed in 0.21.0.

Affected (2 ranges)

Vendor | Product | Version range | Fixed in
github.com | usememos_memos | >= 0 < 0.21.0 | 0.21.0
usememos | memos | < 0.21.0 | 0.21.0