CVE-2024-29028
Published 2024-04-19
Priority: P2 · 79 · medium · CVSS 3.1 base score 5.3
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploited in the wild (VulnCheck KEV)
EPSS: 1.05% (60.0th percentile)
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta endpoint that allows unauthenticated users to enumerate the internal network and receive limited HTML values in JSON form. This vulnerability is fixed in 0.16.1.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | usememos_memos | >= 0 < 0.16.1 | 0.16.1 |
| usememos | memos | < 0.16.1 | 0.16.1 |
| usememos | memos | >= 0.13.2 < 0.16.1 | 0.16.1 |
Detection & IOCs (extracted from sources)
- Detect unauthenticated GET requests to /o/get/httpmeta with a 'url' query parameter pointing to external or internal hosts; a 200 response with a JSON body containing a 'title' key indicates successful SSRF exploitation.
- Monitor for out-of-band DNS callbacks triggered by requests to /o/get/httpmeta?url=, which confirm blind SSRF reachability.
- Shodan/FOFA exposure query: search for internet-facing Memos instances using title-based fingerprinting to identify attack surface.
- The SSRF endpoint /o/get/httpmeta is accessible without authentication, meaning no session token or credentials are required to trigger the vulnerability.
- One of the SSRF vectors also leads to a reflected XSS vulnerability, potentially enabling full administrator account takeover beyond simple SSRF impact.
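The first two detection bullets above describe log-side checks. As an added example (not taken from the page's sources or from the Memos project), the Python script below scans constructed access-log lines for requests to /o/get/httpmeta and classifies the host named in the url parameter as internal or external; the log layout, sample lines and severity labels are assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines in Combined Log Format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [19/Apr/2024:10:00:01 +0000] "GET /o/get/httpmeta?url=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 200 142 "-" "curl/8.0"
10.0.0.5 - - [19/Apr/2024:10:00:02 +0000] "GET /o/get/httpmeta?url=http%3A%2F%2F10.0.0.12%2Fadmin HTTP/1.1" 200 98 "-" "curl/8.0"
203.0.113.9 - - [19/Apr/2024:10:00:03 +0000] "GET /o/get/httpmeta?url=https%3A%2F%2Fexample.com%2F HTTP/1.1" 200 311 "-" "Mozilla/5.0"
203.0.113.9 - - [19/Apr/2024:10:00:04 +0000] "GET /api/v1/memo HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Assumed log layout: client, ident, user, [timestamp], "METHOD target HTTP/x", status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def classify_host(host):
    """'internal' for loopback, RFC 1918 and link-local literals (or localhost), else 'external'."""
    if host.lower() == "localhost":
        return "internal"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # a DNS name: cannot be resolved from the log alone, treat as external
        return "external"
    return "internal" if (ip.is_loopback or ip.is_private or ip.is_link_local) else "external"


def find_httpmeta_requests(log_text):
    """Return one finding per request to /o/get/httpmeta that carries a url parameter."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if parts.path != "/o/get/httpmeta":
            continue
        urls = parse_qs(parts.query).get("url")
        if not urls:
            continue
        host = urlsplit(urls[0]).hostname or ""
        scope = classify_host(host)
        status = int(m["status"])
        # A 200 for an internal target means the server fetched it on the caller's behalf.
        severity = "high" if scope == "internal" and status == 200 else "medium"
        findings.append({"src": m["src"], "time": m["ts"], "fetched_url": urls[0],
                         "target_host": host, "scope": scope, "status": status,
                         "severity": severity})
    return findings
```

Run it over real access logs by replacing SAMPLE_LOG with the file contents; hostnames that resolve to internal addresses are not caught by this literal-IP check and need a resolver step.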
CVSS provenance
- NVD (v3.1): 5.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- VulnCheck: 5.8 MEDIUM
OSV
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos
osv · 2024-08-06 · CVE-2024-29028
OSV
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta
osv · 2024-08-05 · CVE-2024-29028 [MEDIUM]
GHSA
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta
ghsa · 2024-08-05 · CVE-2024-29028 [MEDIUM] · CWE-918
VulnCheck
usememos memos Server-Side Request Forgery (SSRF)
vulncheck · 2024 · CVSS 5.8 · CVE-2024-29028 [MEDIUM]
Affected: usememos memos
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2024-29028
No detection rules found.
Nuclei
Memos 0.13.2 - Server-Side Request Forgery
nuclei · CVSS 5.3 · CVE-2024-29028 [MEDIUM]
SSRF vulnerabilities exist in the memos API service `/o/get/httpmeta` that allow unauthenticated and authenticated users to enumerate and read from the internal network. In addition, one SSRF vulnerability leads to a reflected XSS vulnerability, which may allow an attacker complete control over the administrator account.
Template:
```yaml
id: CVE-2024-29028

info:
  name: Memos 0.13.2 - Server-Side Request Forgery
  author: ritikchaddha
  severity: medium
  description: |
    SSRF vulnerabilities exist in the memos API service `/o/get/httpmeta` that allow unauthenticated and authenticated users to enumerate and read from the internal network. In addition, one SSRF vulnerability leads to a reflected XSS vulnerability, which may allow an attacker complete control ov
```
No writeups or analysis indexed.
References:
- https://github.com/usememos/memos/commit/6ffc09d86a1302c384ef085aa70c7bddb3ce7ba9
- https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos