CVE-2024-1098 | Rebuild up to 3.5.5 /filex/proxy-download QiniuCloud.getStorageFile url information disclosure

Posted by Angelo Barbosa | Jan 31, 2024 | CVE

A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue affects the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure.

The identification of this vulnerability is CVE-2024-1098. The attack needs to be approached within the local network. Furthermore, there is an exploit available.

CVE-2024-1098 | Rebuild up to 3.5.5 /filex/proxy-download QiniuCloud.getStorageFile url information disclosure

Related Posts

CVE-2024-42140 | Linux Kernel up to 5.15.162/6.1.97/6.6.38/6.9.8 kexec machine_kexec_mask_interrupts deadlock

CVE-2024-1296 | Brizy Page Builder Plugin up to 2.4.40 on WordPress cross site scripting

CVE-2024-24890 | openEuler gala-gopher up to 1.0.2 on Linux os command injection

CVE-2024-36257 | Mattermost up to 9.5.5/9.8.0 Shared Channel access control