CVE-2023-1495

Name of the Vulnerable Software and Affected Versions Rebuild versions up to 3.2.3

Description A critical vulnerability was found in the function queryListOfConfig of the file /admin/robot/approval/list. The manipulation of the argument q leads to sql injection. The attack can be launched remotely.

Recommendations For Rebuild versions up to 3.2.3, apply a patch to fix this issue. As a temporary workaround, consider restricting access to the /admin/robot/approval/list endpoint or disabling the queryListOfConfig function until a patch is available. Avoid using the argument q in the affected endpoint until the issue is resolved.