History: Apr 19, 2024 - 3:15 p.m.

CVE-2024-29030

2024-04-19 15:15:50
CWE-918
GitHub_M
web.nvd.nist.gov
Tags: ssrf, enumeration, internal network

CVSS3: 5.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

EPSS: 0.001
Percentile: 26.4%

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource endpoint that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file.

Affected configurations

Vulners

Node | Range
usememos memos | < 0.22.0

Vendor | Product | Version | CPE
usememos | memos | * | cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "usememos",
    "product": "memos",
    "versions": [
      {
        "version": "< 0.22.0",
        "status": "affected"
      }
    ]
  }
]
