elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks.
The vulnerability (CWE-918) involves the application accepting URLs from users and performing server-side requests based on them without proper verification. An attacker can supply a crafted URL pointing to internal network resources (e.g., services accessible only locally, cloud environment metadata). The lack of filtering of allowed schemes, hosts, and IP address ranges enables circumvention of perimeter security and access to resources unavailable directly from the outside.
An attacker can gain access to internal infrastructure resources (confidentiality, integrity, availability — all rated as HIGH), including network services not exposed publicly, potentially leading to further compromise of the environment.
Apply patches available from the vendor according to the references — the fix has been submitted in pull request #4428 in the usememos/memos GitHub repository. It is recommended to update to a version containing this patch and implement firewall rules restricting outgoing connections from the application server to trusted hosts.
Usememos Memos v0.23.0 (elestio distribution)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HUsememos Memos
APPUsememos0.23.0
Related vulnerabilities
Ujawnienie danych użytkownika przez osadzanie obrazków Markdown w Memos
Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0.