cbcvebase.
CVE-2024-29028
published 2024-04-19


Priority: P2 · 79 · medium · 5.3 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 1.05% (60.0th percentile)
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta endpoint that allows unauthenticated users to enumerate the internal network and receive limited HTML values in JSON form. This vulnerability is fixed in 0.16.1.

Affected (3 ranges)

Vendor      | Product         | Version range         | Fixed in
github.com  | usememos_memos  | >= 0, < 0.16.1        | 0.16.1
usememos    | memos           | < 0.16.1              | 0.16.1
usememos    | memos           | >= 0.13.2, < 0.16.1   | 0.16.1

Detection & IOCs (extracted from sources)

url: /o/get/httpmeta
path: /o/get/httpmeta
command: GET /o/get/httpmeta?url=https://{{interactsh-url}}
  • Detect unauthenticated GET requests to /o/get/httpmeta with a 'url' query parameter pointing to external or internal hosts; a 200 response with a JSON body containing a 'title' key indicates successful SSRF exploitation.
  • Monitor for out-of-band DNS callbacks triggered by requests to /o/get/httpmeta?url=, which confirm blind SSRF reachability.
  • Shodan/FOFA exposure query: search for internet-facing Memos instances using title-based fingerprinting to identify attack surface.
  • The SSRF endpoint /o/get/httpmeta is accessible without authentication, meaning no session token or credentials are required to trigger the vulnerability.
  • One of the SSRF vectors also leads to a reflected XSS vulnerability, potentially enabling full administrator account takeover beyond simple SSRF impact.
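The first detection bullet above, as an added example that is not part of the cbcvebase record or the memos project: it scans constructed access-log lines for GET /o/get/httpmeta requests, pulls the 'url' parameter, classifies the target as internal (private, loopback, link-local) or external, and records whether the request returned 200. The log format and the `.local`/`.internal` suffix list are assumptions.

```python
# Added example, not memos or cbcvebase code: flag /o/get/httpmeta fetches in an access log.
import ipaddress
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in combined log format; addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.9 - - [19/Apr/2024:10:01:02 +0000] "GET /o/get/httpmeta?url=http%3A%2F%2F10.0.0.5%3A8080%2F HTTP/1.1" 200 143
203.0.113.9 - - [19/Apr/2024:10:01:03 +0000] "GET /o/get/httpmeta?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 98
198.51.100.4 - - [19/Apr/2024:10:02:00 +0000] "GET /o/get/httpmeta?url=https://example.com/ HTTP/1.1" 200 512
198.51.100.4 - - [19/Apr/2024:10:02:30 +0000] "GET /api/v1/memo HTTP/1.1" 200 2048
203.0.113.9 - - [19/Apr/2024:10:03:00 +0000] "GET /o/get/httpmeta?url=http://localhost:9000/ HTTP/1.1" 500 0
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) \S+" (\d{3}) ')
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}  # treated as internal without DNS

def classify_target(target: str) -> str:
    """Return 'internal', 'external' or 'unparseable' for the URL the server was asked to fetch."""
    host = urlsplit(unquote(target)).hostname
    if not host:
        return "unparseable"
    if host.lower() in LOOPBACK_NAMES or host.endswith((".local", ".internal")):
        return "internal"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "external"  # public DNS name; a blind out-of-band probe looks like this
    # private, loopback, link-local (cloud metadata) and reserved ranges are all non-global
    return "internal" if not ip.is_global else "external"

def find_httpmeta_probes(log_text: str) -> list[dict]:
    """Return one record per GET /o/get/httpmeta?url=... with target scope and success flag."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        src, ts, method, request, status = m.groups()
        parts = urlsplit(request)
        if method != "GET" or parts.path != "/o/get/httpmeta":
            continue
        target = parse_qs(parts.query).get("url", [""])[0]
        hits.append({"src": src, "time": ts, "target": unquote(target),
                     "scope": classify_target(target), "success": status == "200"})
    return hits

if __name__ == "__main__":
    for hit in find_httpmeta_probes(SAMPLE_LOG):
        print(hit)
```

Internal-scope hits with a 200 status match the record's "successful SSRF exploitation" condition; external-scope hits are the pattern to correlate with out-of-band DNS callbacks.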

CVSS provenance

Source     | Version | Score | Severity | Vector
nvd        | v3.1    | 5.3   | MEDIUM   | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vulncheck  |         | 5.8   | MEDIUM   |