Lucene search
GoogleOSV:GHSA-65FM-2JGR-J7QQHistoryAug 05, 2024 - 9:29 p.m.
memos vulnerable to Server-Side Request Forgery in /api/resource
2024-08-0521:29:24
Google
osv.dev
6
server-side request forgery
memos
authenticated users
internal network
vulnerability
software
CVSS3
5.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
AI Score
6.4
Confidence
High
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file.
References
Related
nvd
nvd
CVE-2024-29030
2024-04-19 15:15:50
osv
osv
CVE-2024-29030
2024-04-19 15:15:50
cve
cve
CVE-2024-29030
2024-04-19 15:15:50
veracode
veracode
Server-Side Request Forgery (SSRF)
2024-04-24 10:03:25
vulnrichment
vulnrichment
CVE-2024-29030 memos vulnerable to an SSRF in /api/resource
2024-04-19 15:13:59
cvelist
cvelist
CVE-2024-29030 memos vulnerable to an SSRF in /api/resource
2024-04-19 15:13:59
github
github
memos vulnerable to Server-Side Request Forgery in /api/resource
2024-08-05 21:29:24
CVSS3
5.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
AI Score
6.4
Confidence
High
Related for OSV:GHSA-65FM-2JGR-J7QQ