PT-2025-46955 · Memos · Memos
Published 2025-11-14 · Updated 2025-12-23
CVE-2024-21635
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Memos versions up to and including 0.18.1
Description
Memos is a note-taking service that uses Access Tokens for application authentication. Access Tokens remain valid after a user changes their password, so if an account is compromised, an attacker who holds a valid Access Token keeps that access even after the user updates their credentials; the user regains full control only by manually revoking the attacker's token. Because every entry in the Access Tokens list carries the same generic Description, a malicious token is hard to tell apart from a legitimate one. No patched version is known at this time.
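To make the flaw concrete, the following is an added example, not Memos' own code: it contrasts a token check that only looks at expiry (the behaviour the advisory describes) with one that also rejects tokens issued before the account's last password change, and lists the stale tokens a user would otherwise have to find by hand. The types Account and AccessToken and the functions ChangePassword, ValidateWeak, ValidateBound and StaleTokenIDs are hypothetical names chosen for the example.

```go
package main

import "time"

// Hypothetical stand-ins for the service's records; only needed fields are modelled.
type Account struct {
	PasswordHash      string
	PasswordChangedAt time.Time // zero value: never changed
}

type AccessToken struct {
	ID, Description     string
	IssuedAt, ExpiresAt time.Time
}

// ChangePassword stores the new hash and stamps the change time; that
// timestamp is what lets ValidateBound recognise stale tokens.
func ChangePassword(acct *Account, newHash string, now time.Time) {
	acct.PasswordHash = newHash
	acct.PasswordChangedAt = now
}

// ValidateWeak reproduces the advisory's flaw: a token is honoured until its
// own expiry, whatever has since happened to the account's credentials.
func ValidateWeak(now time.Time, tok AccessToken) bool {
	return now.Before(tok.ExpiresAt)
}

// ValidateBound adds the missing check: a token issued before the most recent
// password change is rejected, so a reset ends every session that predates it.
func ValidateBound(now time.Time, acct Account, tok AccessToken) bool {
	return now.Before(tok.ExpiresAt) && !tok.IssuedAt.Before(acct.PasswordChangedAt)
}

// StaleTokenIDs lists tokens predating the last password change, the ones a
// user would otherwise have to pick out of the token list and revoke by hand.
func StaleTokenIDs(acct Account, toks []AccessToken) []string {
	var ids []string
	for _, t := range toks {
		if t.IssuedAt.Before(acct.PasswordChangedAt) {
			ids = append(ids, t.ID)
		}
	}
	return ids
}
```

Storing a credentials-change timestamp (or a version counter) and comparing it against each token's issue time is the usual way to make a password change invalidate pre-existing sessions without a per-token revocation step.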
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Improper Authentication
Affected Products
Memos