CVE-2023-1495

HIGH EPSS 49.1%
Published Mar 19, 20233y ago · Modified Jun 17, 20261w ago
8.8 CVSS 3.1
High
Find Similar
Published Mar 19, 2023 3y ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability classified as critical was found in Rebuild up to 3.2.3. Affected by this vulnerability is the function queryListOfConfig of the file /admin/robot/approval/list. The manipulation of the argument q leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is c9474f84e5f376dd2ade2078e3039961a9425da7. It is recommended to apply a patch to fix this issue. The identifier VDB-223381 was assigned to this vulnerability.

CVSS Details

Base Score
8.8
Exploitability
2.8
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
49.1% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-89 SQL Injection Injection

Affected Products 1

VendorProductVersionRange
ruifang-techrebuild* ≤3.2.3

References 4

  • github.com https://github.com/getrebuild/rebuild/commit/c9474f84e5f376dd2ade2078e3039961a9425da7
    Patch
  • github.com https://github.com/getrebuild/rebuild/issues/594
    ExploitIssue TrackingThird Party Advisory
  • vuldb.com https://vuldb.com/?ctiid.223381
    Third Party Advisory
  • vuldb.com https://vuldb.com/?id.223381
    Third Party Advisory

Remediation

  • github.com https://github.com/getrebuild/rebuild/commit/c9474f84e5f376dd2ade2078e3039961a9425da7
    Patch