CVE-2024-1098

Published: Jan 31, 2024Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue affects the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252455.

Affected (1)

Products: Ruifang Tech: Rebuild

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ruifang Tech Rebuild	Up to 3.5.5

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://vuldb.com/?ctiid.252455

Source: cna@vuldb.com

Permissions RequiredThird Party AdvisoryVDB Entry

https://vuldb.com/?id.252455

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.yuque.com/mailemonyeyongjuan/tha8tr/ouiw375l0m8mw5ls

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.252455

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party AdvisoryVDB Entry

https://vuldb.com/?id.252455

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.yuque.com/mailemonyeyongjuan/tha8tr/ouiw375l0m8mw5ls

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.