memos vulnerable to an SSRF in /o/get/httpmeta
CVE-2024-29028

5.3MEDIUM

Key Information:

Vendor: Usememos
Status: Memos
Vendor: CVE Published:; 19 April 2024

What is CVE-2024-29028?

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

memos < 0.16.1

References

https://github.com/usememos/memos/commit/6ffc09d86a1302c3...

x_refsource_CONFIRM

https://securitylab.github.com/advisories/GHSL-2023-154_G...

x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2024

JSON

Usememos

What is CVE-2024-29028?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.