Cyber Resilience

CVE-2024-1021

Medium · Public PoC

Published: 29 January 2024

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.9290 (99.8th percentile)
Risk Priority: 68 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-1021 is a medium-severity SSRF (CWE-918) vulnerability in Ruifang-Tech Rebuild. Its CVSS base score is 6.3 (Medium).

Operationally, it is ranked in the top 0.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

A critical server-side request forgery vulnerability exists in Rebuild up to version 3.5.5 within the readRawText function of the HTTP Request Handler component. The flaw, tracked as CWE-918, arises from insufficient validation of the url argument supplied to the handler, allowing an attacker to direct the server to issue arbitrary outbound requests.

The issue is remotely exploitable by an authenticated user with low privileges and requires no user interaction. Successful exploitation yields limited impacts to confidentiality, integrity, and availability, consistent with the CVSS 6.3 rating. Public exploit code has been disclosed, enabling attackers to leverage the SSRF primitive for internal network reconnaissance or interaction with adjacent services.

The associated EPSS score currently stands at 0.9290 with a recorded peak of 0.9322, indicating sustained exploitation interest following disclosure. Reference entries on VulDB and related disclosure pages do not detail vendor patches or configuration mitigations.

EU & UK References

Vulnerability details

A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery.…

The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

ruifang-tech
rebuild
≤ 3.5.5

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-918

Penetration testing attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation.

addresses: CWE-918

Outbound connections to external resources can be monitored and limited at the boundary, reducing SSRF impact.

addresses: CWE-918

Validates server-side URLs and resource references to block SSRF attempts.

addresses: CWE-918

Detects server-side request forgery through monitoring of unexpected outbound connections.
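
The URL validation control listed above, applied to a user-supplied url argument of the kind readRawText receives, as an added Python example. It is not Rebuild's code or its fix; the function names and the sample resolver data are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def is_public_ip(addr):
    """True only for globally routable addresses."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the embedded IPv4 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global

def system_resolve(host):
    """Default resolver: every address the name currently maps to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def check_fetch_url(url, resolve=system_resolve):
    """Return (allowed, reason) for a user-supplied URL the server would fetch."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)
        addrs = [host]                # IP literal: check it directly
    except ValueError:
        try:
            addrs = resolve(host)     # hostname: check every resolved address
        except OSError:
            return False, "resolution failed"
    if not addrs:
        return False, "no addresses"
    for addr in addrs:
        if not is_public_ip(addr):
            return False, "non-public address " + addr
    return True, "ok"

# Constructed sample data: a stand-in resolver so the checks run offline.
FAKE_DNS = {"example.com": ["93.184.216.34"], "intranet.example": ["10.0.0.5"],
            "mixed.example": ["93.184.216.34", "127.0.0.1"]}

def fake_resolve(host):
    return FAKE_DNS.get(host, [])
```

A check like this only holds if the fetch then connects to the vetted address and repeats the check on every redirect; otherwise a second DNS lookup can return a different address.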

References