CVE-2022-30049 - A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP addres

CVE-2022-30049

Summary

A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter.

References

https://github.com/getrebuild/rebuild/issues/460

Vulnerable Configurations

cpe:2.3:a:ruifang-tech:rebuild:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:ruifang-tech:rebuild:2.8.3:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 29-10-2022 - 02:57)
Impact:
Exploitability:

CWE

CWE-918

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

Last major update

29-10-2022 - 02:57

Published

15-05-2022 - 17:15

Last modified

29-10-2022 - 02:57