17 matches found
PT-2025-40785
Name of the Vulnerable Software and Affected Versions: Rebuild versions up to 4.1.3 Description: A security flaw exists in Rebuild’s Comment/Guestbook component, potentially allowing for cross-site scripting. Remote manipulation of an unknown functionality within the component can trigger this issu...
EUVD-2024-16797
Malicious code in bioql PyPI...
EUVD-2024-54910
Malicious code in bioql PyPI...
EUVD-2024-16873
Malicious code in bioql PyPI...
CVE-2024-46413
Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex method...
CVE-2024-46413
CVE-2024-46413 concerns Rebuild v3.7.7, where the SSRF vulnerability is triggered via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex function. The issue originates in the RBStoreController loadDataIndex path and exposes the system to server-side requests t...
CVE-2024-1020
A vulnerability classified as problematic was found in Rebuild up to 3.5.5. Affected by this vulnerability is the function getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. The exploit has bee...
CVE-2024-1099
A vulnerability was found in Rebuild up to 3.5.5. It has been classified as problematic. Affected is the function getFileOfData of the file /filex/read-raw. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
CVE-2022-30049
A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...
jenkins-plugin/workflow-cps: Lack of Approval Check for Rebuilt Jenkins Pipelines
A flaw was found in the Jenkins Pipeline: Groovy Plugin (jenkins-plugin/workflow-cps). This vulnerability allows attackers with Item/Build permission to rebuild a previous build whose main Jenkinsfile script is no longer approved, bypassing script approval checks via the rebuild action...
Rebuild code injection vulnerability
Rebuild is a highly customizable enterprise management system. A code injection vulnerability exists in Rebuild version 3.8.5, which stems from a cross-site scripting vulnerability that allows an attacker to inject arbitrary JavaScript code...
CVE-2024-52550
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a388 and earlier, except 3975.3977.v478dd9e956c3, does not check whether the main Jenkinsfile script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose Jenkinsfile script is no longer approv...
CVE-2024-24788
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop...
Rebuild security vulnerability
Rebuild is a highly customizable enterprise management system. A security vulnerability exists in Rebuild v.3.5 that stems from the presence of a Server-Side Request Forgery (SSRF) vulnerability. The vulnerability can be exploited by an attacker to obtain sensitive information and execute arbitrary code...
PT-2024-16113 · Rebuild · Rebuild
Name of the Vulnerable Software and Affected Versions: Rebuild versions up to 3.5.5 Description: A problematic vulnerability was found in Rebuild. The getStorageFile function of the file /filex/proxy-download is affected. The manipulation of the url argument leads to cross-site scripting. The...
CVE-2023-2474
A vulnerability has been found in Rebuild 3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to chan...
CVE-2023-1495 Rebuild list queryListOfConfig sql injection
A vulnerability classified as critical was found in Rebuild up to 3.2.3. Affected by this vulnerability is the function queryListOfConfig of the file /admin/robot/approval/list. The manipulation of the argument q leads to SQL injection. The attack can be launched remotely. The exploit has been...