From d926a3cf0eb95998acc7556e84c14909bb9ad33c Mon Sep 17 00:00:00 2001 From: Goby <50955360+gobysec@users.noreply.github.com> Date: Thu, 23 May 2024 19:00:10 +0800 Subject: [PATCH] Create Sonatype_Nexus_Repository_Manager_File_Read_Vulnerability(CVE-2024-4956).md --- ...anager_File_Read_Vulnerability(CVE-2024-4956).md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 Sonatype_Nexus_Repository_Manager_File_Read_Vulnerability(CVE-2024-4956).md diff --git a/Sonatype_Nexus_Repository_Manager_File_Read_Vulnerability(CVE-2024-4956).md b/Sonatype_Nexus_Repository_Manager_File_Read_Vulnerability(CVE-2024-4956).md new file mode 100644 index 0000000..791a775 --- /dev/null +++ b/Sonatype_Nexus_Repository_Manager_File_Read_Vulnerability(CVE-2024-4956).md 
@@ -0,0 +1,13 @@ + +## Sonatype Nexus Repository Manager File Read Vulnerability(CVE-2024-4956) + +| **Vulnerability** | Sonatype Nexus Repository Manager File Read Vulnerability(CVE-2024-4956) | +| :----: | :-----| +| **Chinese name** | Sonatype Nexus Repository Manager 文件读取漏洞(CVE-2024-4956) | +| **CVSS core** | 7.5 | +| **FOFA Query** (click to view the results directly)| [ app="Sonatype-Nexus"](https://en.fofa.info/result?qbase64=Ym9keT0iL25leHVzLSIgJiYgYm9keT0iUmVwb3NpdG9yeSI%3D)| +| **Number of assets affected** | 93784 | +| **Description** | Nexus Repository Manager, commonly referred to as Nexus, is a product by Sonatype. It is currently the most popular repository management software globally, offering a powerful repository manager that greatly simplifies the maintenance of internal repositories and access to external repositories.In versions 3.0.0 to 3.68.0 of Sonatype Nexus Repository, there exists a path traversal vulnerability. An unauthenticated attacker can exploit this vulnerability by constructing malicious URLs containing sequences like "../../../../" to download arbitrary files from the target system, including files outside the scope of the Nexus Repository application. Successfully exploiting this vulnerability may lead to the disclosure of sensitive information such as application source code, configurations, and critical system files.| +| **Impact** | In versions 3.0.0 to 3.68.0 of Sonatype Nexus Repository, there exists a path traversal vulnerability. An unauthenticated attacker can exploit this vulnerability by constructing malicious URLs containing sequences like "../../../../" to download arbitrary files from the target system, including files outside the scope of the Nexus Repository application. Successfully exploiting this vulnerability may lead to the disclosure of sensitive information such as application source code, configurations, and critical system files.| + +![](https://s3.bmp.ovh/imgs/2024/05/23/8b5ae355137fa582.gif)
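Review bot: The **Description** and **Impact** rows repeat the same paragraph verbatim (the "In versions 3.0.0 to 3.68.0 … critical system files." text), so the Impact row adds nothing; keep the product background and the vulnerability summary in Description and reduce Impact to the consequence (unauthenticated arbitrary file read leading to disclosure of source, configuration and system files). Two smaller fixes in the same table: the header cell "**CVSS core**" should read "**CVSS score**", and "external repositories.In versions" is missing a space after the period. The FOFA row is also inconsistent: the link text shows `app="Sonatype-Nexus"`, but the `qbase64` parameter in the URL decodes to `body="/nexus-" && body="Repository"`, so the displayed query and the linked query differ and the "93784" asset count cannot be tied to either; make the label match the URL (or vice versa). Finally, the entry gives a version range but no fixed version or remediation guidance and no link to the vendor advisory; a reader of this page cannot tell whether an upgrade resolves it, so add the vendor's fixed release and advisory reference rather than only the animated GIF, which should in any case carry alt text.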