Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrUonghoangminhchau84973F6B-739A-4D7E-8757-FC58CBBAF6EF
HistoryDec 21, 2022 - 6:39 a.m.

Cookie without Secure attribute

2022-12-2106:39:03
uonghoangminhchau
www.huntr.dev
7
memos_session
web demo
secure flag
browser's dev tool
bug bounty

EPSS

0.001

Percentile

31.0%

JSON

Description

At the moment, memos_session has the value false at secure flag.

Proof of Concept

  1. Access to web demo https://demo.usememos.com/

  2. Use browser’s dev tool to check the cookie, we can see there is a memos_session having value false at Secure.

Related

prion 1
osv 3
cve 1
github 1
nvd 1
veracode 1
cvelist 1
prion
prion
Session fixation
2022-12-23 12:15:00
osv
osv
usememos/memos missing Secure cookie attribute
2022-12-23 12:30:25
CVE-2022-4683
2022-12-23 12:15:08
usememos/memos missing Secure cookie attribute in github.com/usememos/memos
2024-08-21 16:03:59
cve
cve
CVE-2022-4683
2022-12-23 12:15:08
github
github
usememos/memos missing Secure cookie attribute
2022-12-23 12:30:25
nvd
nvd
CVE-2022-4683
2022-12-23 12:15:08
veracode
veracode
Information Disclosure
2022-12-27 07:21:30
cvelist
cvelist
CVE-2022-4683 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in usememos/memos
2022-12-23 00:00:00

EPSS

0.001

Percentile

31.0%

JSON
Related for 84973F6B-739A-4D7E-8757-FC58CBBAF6EF
prion1osv3cve1github1nvd1veracode1cvelist1