PT-2024-20867 · Rebuild · Rebuild

Published: 2024-03-20 · Updated: 2025-06-17 · CVE-2024-25294

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: REBUILD version 3.5

Description: The issue allows a remote attacker to obtain sensitive information and execute arbitrary code. This is achieved via FileDownloader.java and the proxyDownload and URL parameters.

Recommendations: For REBUILD version 3.5, consider disabling the proxyDownload functionality and restricting access to FileDownloader.java until a fix is available. Avoid using the URL parameter in the affected API endpoint until the issue is resolved.

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2024-25294

Affected Products

Rebuild