Main Vulnerability Database Vulnerabilities #VU118841

#VU118841 Insufficient session expiration in memos - CVE-2024-21635

Published: November 28, 2025

Vulnerability identifier: #VU118841

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-21635

CWE-ID: CWE-613

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
memos

Software vendor:
memos

Description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to the application does not invalidate tokens after password change. The access token remains valid and allows an attacker to gain access to the victim's account even after the victim changes their password.

Remediation

Install updates from vendor's website.

External links

https://github.com/usememos/memos/security/advisories/GHSA-mr34-8733-grr2

#VU118841 Insufficient session expiration in memos - CVE-2024-21635

Description

Remediation

External links

Please verify you're human