CVE-2024-29029 - Vulnerability Details - OpenCVE

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Memos	Memos
Usememos	Memos

Configuration 1 [-]

cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29
https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5
https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/

History

Thu, 02 Jan 2025 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Usememos Usememos memos
CPEs		cpe:2.3:a:usememos:memos::::::::
Vendors & Products		Usememos Usememos memos

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-04-19T15:14:09.993Z

Updated: 2024-08-02T01:03:51.649Z

Reserved: 2024-03-14T16:59:47.612Z

Link: CVE-2024-29029

Vulnrichment

Updated: 2024-04-19T18:10:36.654Z

NVD

Status : Analyzed

Published: 2024-04-19T16:15:09.853

Modified: 2025-01-02T20:46:24.867

Link: CVE-2024-29029

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29029", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-14T16:59:47.612Z", "datePublished": "2024-04-19T15:14:09.993Z", "dateUpdated": "2024-08-02T01:03:51.649Z"}, "containers": {"cna": {"title": "memos vulnerable to an SSRF in /o/get/image", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/", "tags": ["x_refsource_CONFIRM"], "url": "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/"}, {"name": "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5", "tags": ["x_refsource_MISC"], "url": "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5"}, {"name": "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29", "tags": ["x_refsource_MISC"], "url": "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29"}], "affected": [{"vendor": "usememos", "product": "memos", "versions": [{"version": "< 0.22.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-31T20:27:52.422Z"}, "descriptions": [{"lang": "en", "value": "memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file."}], "source": {"advisory": "GHSA-9cqm-mgv9-vv9j", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29029", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-19T18:15:39.463794Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:memos:memos:0.13.2:*:*:*:*:*:*:*"], "vendor": "memos", "product": "memos", "versions": [{"status": "affected", "version": "0.13.2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:58:18.206Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:03:51.649Z"}, "title": "CVE Program Container", "references": [{"name": "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/"}, {"name": "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5"}, {"name": "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29029", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-19T18:15:39.463794Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:memos:memos:0.13.2:*:*:*:*:*:*:*"], "vendor": "memos", "product": "memos", "versions": [{"status": "affected", "version": "0.13.2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-19T18:10:36.654Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "memos vulnerable to an SSRF in /o/get/image", "source": {"advisory": "GHSA-9cqm-mgv9-vv9j", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "usememos", "product": "memos", "versions": [{"status": "affected", "version": "< 0.22.0"}]}], "references": [{"url": "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/", "name": "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5", "name": "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29", "name": "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-31T20:27:52.422Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29029", "state": "PUBLISHED", "dateUpdated": "2024-07-31T20:27:52.422Z", "dateReserved": "2024-03-14T16:59:47.612Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-04-19T15:14:09.993Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8EB3231-6B7C-45F5-80C6-F71A853130C2", "versionEndExcluding": "0.22.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file."}, {"lang": "es", "value": "Memos es un servicio de toma de notas liviano y que prioriza la privacidad. En memos 0.13.2, existe una vulnerabilidad SSRF en /o/get/image que permite a usuarios no autenticados enumerar la red interna y recuperar im\u00e1genes. Luego, la respuesta de la solicitud de imagen se copia en la respuesta de la solicitud del servidor actual, lo que provoca una vulnerabilidad XSS reflejada."}], "id": "CVE-2024-29029", "lastModified": "2025-01-02T20:46:24.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-19T16:15:09.853", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}