CVE-2024-1098
Rebuild proxy-download QiniuCloud.getStorageFile information disclosure
Public Exploits: 1
Exploited in Wild: -
Descriptions
A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue affects the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252455.
Timeline
- 2024-01-31 CVE Reserved
- 2024-01-31 CVE Published
- 2024-08-01 CVE Updated
- 2024-08-01 First Exploit
- 2024-12-17 EPSS Updated
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (2)
URL | Tag | Source |
---|---|---|
https://vuldb.com/?id.252455 | Technical Description | |

URL | Date | SRC |
---|---|---|
https://www.yuque.com/mailemonyeyongjuan/tha8tr/ouiw375l0m8mw5ls | 2024-08-01 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Ruifang-tech | Rebuild | <= 3.5.5 | - | Affected |