CVE Vulnerabilities

CVE-2024-25294

Published: Mar 20, 2024 | Modified: Mar 20, 2024

CVSS 3.x

N/A

Source:

NVD

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-25294
CWE	https://cwe.mitre.org/data/definitions/.html

An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters.

References

http://rebuild.com
https://deeply-capri-1c8.notion.site/REBUILD-V3-5-2023-12-11-SSRF-30324be04e00477eae472bf75f4f5e0d
https://github.com/getrebuild/rebuild/

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.