Create Sonatype_Nexus_Repository_Manager_File_Read_Vulnerability(CVE-2024-4956).md

Goby 2024-05-23 19:00:10 +08:00 committed by GitHub
parent 1fc9260d3f
commit d926a3cf0e


@ -0,0 +1,13 @@
## Sonatype Nexus Repository Manager File Read Vulnerability(CVE-2024-4956)
| **Vulnerability** | Sonatype Nexus Repository Manager File Read Vulnerability(CVE-2024-4956) |
| :----: | :-----|
| **Chinese name** | Sonatype Nexus Repository Manager 文件读取漏洞CVE-2024-4956 |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [ app="Sonatype-Nexus"](https://en.fofa.info/result?qbase64=Ym9keT0iL25leHVzLSIgJiYgYm9keT0iUmVwb3NpdG9yeSI%3D)|
| **Number of assets affected** | 93784 |
| **Description** | Nexus Repository Manager, commonly referred to as Nexus, is a product by Sonatype. It is currently the most popular repository management software globally, offering a powerful repository manager that greatly simplifies the maintenance of internal repositories and access to external repositories.In versions 3.0.0 to 3.68.0 of Sonatype Nexus Repository, there exists a path traversal vulnerability. An unauthenticated attacker can exploit this vulnerability by constructing malicious URLs containing sequences like "../../../../" to download arbitrary files from the target system, including files outside the scope of the Nexus Repository application. Successfully exploiting this vulnerability may lead to the disclosure of sensitive information such as application source code, configurations, and critical system files.|
| **Impact** | In versions 3.0.0 to 3.68.0 of Sonatype Nexus Repository, there exists a path traversal vulnerability. An unauthenticated attacker can exploit this vulnerability by constructing malicious URLs containing sequences like "../../../../" to download arbitrary files from the target system, including files outside the scope of the Nexus Repository application. Successfully exploiting this vulnerability may lead to the disclosure of sensitive information such as application source code, configurations, and critical system files.|
![](https://s3.bmp.ovh/imgs/2024/05/23/8b5ae355137fa582.gif)
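Review bot: the Description and Impact cells of the table repeat the same three sentences verbatim (everything in Description from "In versions 3.0.0 to 3.68.0" onward is identical to the Impact cell); keep the product background in Description and the vulnerability statement in Impact only, and add the missing space in "repositories.In versions". Two smaller points in the same table: the header cell "CVSS core" should read "CVSS score", and the FOFA link's display text `app="Sonatype-Nexus"` does not match the query encoded in its URL, whose base64 decodes to `body="/nexus-" && body="Repository"`, so the stated 93784 affected assets cannot be tied to the query shown. The entry also lists the affected range 3.0.0 to 3.68.0 without any fixed version or mitigation; a remediation row would make the advisory actionable for defenders.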