Lucene search

GoogleOSV:CVE-2024-29029

HistoryApr 19, 2024 - 4:15 p.m.

CVE-2024-29029

2024-04-1916:15:09

Google

osv.dev

privacy-first

lightweight

note-taking service

ssrf vulnerability

unauthenticated users

internal network

reflected xss

software

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

26.4%

JSON

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability.

References

github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29

github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5

securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

26.4%

JSON

Related for OSV:CVE-2024-29029