PT-2024-22683 · Memos · Memos
Kevin Stubbings +1 · Published 2024-04-18 · Updated 2025-07-07 · CVE-2024-29030
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
memos versions 0.13.2 through 0.21.x
Description
A Server-Side Request Forgery (SSRF) vulnerability exists at the /api/resource endpoint, allowing authenticated users to enumerate the internal network.
Recommendations
For memos versions 0.13.2 through 0.21.x, update to version 0.22.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the /api/resource endpoint until a patch is available.
Exploit
Fix
SSRF
Affected Products
Memos