Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-29028

MEDIUM
Published 2024-04-19T15:14:02.607Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-29028. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
5.8
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.001
probability
of exploitation in the wild

There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.229
Higher than 22.9% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED

Impact Metrics

Confidentiality
LOW
Integrity
NONE
Availability
NONE

Description

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.

Available Exploits

Memos 0.13.2 - Server-Side Request Forgery

SSRF vulnerabilities exist in the memos API service `/o/get/httpmeta` that allow unauthenticated and authenticated users to enumerate and read from the internal network. In addition, one SSRF vulnerability leads to a reflected XSS vulnerability, which may allow an attacker complete control over the administrator account.

ID: CVE-2024-29028
Author: ritikchaddha Medium

References:

Related News

No news articles found for this CVE.

Affected Products

usememos

memos

Affected Versions:

< 0.16.1
usememos

memos

Affected Versions:

0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta

GHSA-6fcf-g3mp-xj2x

Advisory Details

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.

Affected Packages

Go github.com/usememos/memos
ECOSYSTEM: ≥0 <0.16.1

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-29028
WEB https://github.com/usememos/memos/commit/6ffc09d86a1302c384ef085aa70c7bddb3ce7ba9
PACKAGE https://github.com/usememos/memos
ADVISORY https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos

Advisory provided by GitHub Security Advisory Database. Published: August 5, 2024, Modified: August 5, 2024

References

https://github.com/usememos/memos/commit/6ffc09d86a1302c384ef085aa70c7bddb3ce7ba9
https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos
Published: 2024-04-19T15:14:02.607Z
Last Modified: 2024-08-07T17:47:02.151Z
Copied to clipboard!