CVE-2024-1020

Name of the Vulnerable Software and Affected Versions Rebuild versions up to 3.5.5

Description A problematic vulnerability was found in Rebuild. The getStorageFile function of the file /filex/proxy-download is affected. The manipulation of the url argument leads to cross-site scripting. The attack can be launched remotely.

Recommendations For versions up to 3.5.5, consider disabling the getStorageFile function as a temporary workaround until a patch is available. Restrict access to the /filex/proxy-download file to minimize the risk of exploitation. Avoid using the url argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.