CVE-2024-29029

{"id": "CVE-2024-29029", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-04-19T16:15:09.853", "references": [{"url": "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-918"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file."}, {"lang": "es", "value": "Memos es un servicio de toma de notas liviano y que prioriza la privacidad. En memos 0.13.2, existe una vulnerabilidad SSRF en /o/get/image que permite a usuarios no autenticados enumerar la red interna y recuperar im\u00e1genes. Luego, la respuesta de la solicitud de imagen se copia en la respuesta de la solicitud del servidor actual, lo que provoca una vulnerabilidad XSS reflejada."}], "lastModified": "2025-01-02T20:46:24.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8EB3231-6B7C-45F5-80C6-F71A853130C2", "versionEndExcluding": "0.22.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}