CVE-2024-4956

Nexus Repository 3 - Path Traversal

CVSS 7.5 HIGH | EPSS 18.2% | CWE-22
Vexday Risk Score: 61 (High priority)
SSVC decision (CISA): Attend
PoC available → attend closely
CVSS 7.5 | EPSS 18.2% | KEV: no | Public PoC | Nuclei: yes | Metasploit | Patch referenced
Lifecycle
16 May 2024: Published on NVD
23 May 2024: Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
