CVE-2024-29028

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.
Configurations

No configuration.

History

21 Nov 2024, 09:07

Type Values Removed Values Added
Summary
  • (es) Memos es un servicio de toma de notas liviano y que prioriza la privacidad. En memos 0.13.2, existe una vulnerabilidad SSRF en /o/get/httpmeta que permite a usuarios no autenticados enumerar la red interna y recibir valores html limitados en formato json. Esta vulnerabilidad se solucionó en 0.16.1.
References () https://github.com/usememos/memos/commit/6ffc09d86a1302c384ef085aa70c7bddb3ce7ba9 - () https://github.com/usememos/memos/commit/6ffc09d86a1302c384ef085aa70c7bddb3ce7ba9 -
References () https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos - () https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos -

19 Apr 2024, 16:19

Type Values Removed Values Added
Summary (en) memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. (en) memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.
References
  • {'url': 'https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/', 'source': 'security-advisories@github.com'}
  • () https://github.com/usememos/memos/commit/6ffc09d86a1302c384ef085aa70c7bddb3ce7ba9 -
  • () https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos -

19 Apr 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-19 15:15

Updated : 2024-11-21 09:07


NVD link : CVE-2024-29028

Mitre link : CVE-2024-29028

CVE.ORG link : CVE-2024-29028


JSON object : View

Products Affected

No product.

CWE
CWE-918

Server-Side Request Forgery (SSRF)