CVE-2024-4956
Nexus Repository 3 - Path Traversal
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
15
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
Path Traversal en Sonatype Nexus Repository 3 permite a un atacante no autenticado leer archivos del sistema. Corregido en la versiĆ³n 3.68.1.
*Credits:
Erick Fernando Xavier de Oliveira (erickfernandox)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-05-15 CVE Reserved
- 2024-05-16 CVE Published
- 2024-05-23 First Exploit
- 2024-06-01 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (16)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/ifconfig-me/CVE-2024-4956-Bulk-Scanner | 2024-09-27 | |
| https://github.com/verylazytech/CVE-2024-4956 | 2024-09-19 | |
| https://github.com/fin3ss3g0d/CVE-2024-4956 | 2024-06-25 | |
| https://github.com/TypicalModMaker/CVE-2024-4956 | 2024-05-29 | |
| https://github.com/GoatSecurity/CVE-2024-4956 | 2024-05-29 | |
| https://github.com/codeb0ss/CVE-2024-4956-PoC | 2024-05-23 | |
| https://github.com/Praison001/CVE-2024-4956-Sonatype-Nexus-Repository-Manager | 2024-06-01 | |
| https://github.com/banditzCyber0x/CVE-2024-4956 | 2024-05-26 | |
| https://github.com/erickfernandox/CVE-2024-4956 | 2024-05-23 | |
| https://github.com/xungzzz/CVE-2024-4956 | 2024-05-23 | |
| https://github.com/JolyIrsb/CVE-2024-4956 | 2024-08-14 | |
| https://github.com/Cappricio-Securities/CVE-2024-4956 | 2024-06-21 | |
| https://github.com/thinhap/CVE-2024-4956-PoC | 2024-05-27 | |
| https://github.com/gmh5225/CVE-2024-4956 | 2024-05-23 | |
| https://github.com/UMASANKAR-MG/Path-Traversal-CVE-2024-4956 | 2024-09-26 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.sonatype.com/hc/en-us/articles/29416509323923 | 2024-05-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sonatype Search vendor "Sonatype" | Nexus Repository Search vendor "Sonatype" for product "Nexus Repository" | >= 3.0.0 <= 3.68.0 Search vendor "Sonatype" for product "Nexus Repository" and version " >= 3.0.0 <= 3.68.0" | en |
Affected
| ||||||