← volver
CVE-2024-4956

Nexus Repository 3 - Path Traversal

CVSS 7.5 HIGHEPSS 18.2%CWE-22
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Productos afectados
Sonatype · Nexus Repository
PoCs públicas encontradas18
githubgithub.com/ifconfig-me/CVE-2024-4956-Bulk-Scanner17githubgithub.com/verylazytech/CVE-2024-495616githubgithub.com/fin3ss3g0d/CVE-2024-49569githubgithub.com/xungzzz/CVE-2024-49563githubgithub.com/GoatSecurity/CVE-2024-49563githubgithub.com/erickfernandox/CVE-2024-49563githubgithub.com/Cappricio-Securities/CVE-2024-49563githubgithub.com/gmh5225/CVE-2024-49562githubgithub.com/An00bRektn/shirocrack2githubgithub.com/banditzCyber0x/CVE-2024-49561githubgithub.com/thinhap/CVE-2024-4956-PoC1githubgithub.com/Praison001/CVE-2024-4956-Sonatype-Nexus-Repository-Manager1githubgithub.com/UMASANKAR-MG/Path-Traversal-CVE-2024-49560githubgithub.com/JolyIrsb/CVE-2024-49560githubgithub.com/art-of-defence/CVE-2024-49560githubgithub.com/Buff3st-0v3rfl0w/CVE-2024-49560githubgithub.com/amalpvatayam67/day04-nexus-49560exploitdbwww.exploit-db.com/exploits/52101no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://support.sonatype.com/hc/en-us/articles/29416509323923