Platform
java
Component
com.reposilite:reposilite-backend
Fixed in
3.3.1
3.5.12
CVE-2024-36117 is a Path Traversal vulnerability discovered in Reposilite Backend. This flaw allows attackers to read arbitrary files on the server by manipulating the resource path within javadoc requests. The vulnerability impacts Reposilite Backend versions before 3.5.12 and can lead to unauthorized access to sensitive information. A fix is available in version 3.5.12.
The flaw is in how the /javadoc/{repository}/<gav>/raw/<resource> endpoint serves files from an unpacked javadoc archive. The <resource> segment is joined onto the artifact's directory under javadocUnpackPath without checking that the result stays inside it, so a value containing traversal sequences such as ../.. walks out of that directory and the server returns whatever file the resulting path points to, with the read permissions of the Reposilite process: configuration files, credentials, source code or other data stored on the host. The impact is disclosure of sensitive files and whatever an attacker can do with their contents (reuse of leaked credentials, for example); the bug does not by itself allow writing files. As with other path traversal issues, exploitation depends on the attacker knowing or guessing the path of the file they want to read.
CVE-2024-36117 was publicly disclosed on 2024-11-04. There is no indication of active exploitation at this time, nor is it listed on the CISA KEV catalog. Public proof-of-concept exploits are currently unavailable, but the vulnerability's nature makes it likely that one will emerge. The vulnerability's ease of exploitation (requiring only crafted URL parameters) suggests a medium probability of exploitation if a PoC is released.
Organizations using Reposilite Backend for artifact repository management, particularly those with publicly accessible javadoc endpoints or those who have not implemented strict access controls, are at risk. Shared hosting environments where multiple users share the same Reposilite instance are also particularly vulnerable.
• linux / server: the unpacked javadoc tree only contains what was extracted, not what a traversal request read, so this scan catches planted or unexpected content rather than exploitation itself; adjust the directory and the search term to your deployment:
find /opt/reposilite/javadocUnpackPath -type f -name '*.*' -print0 | xargs -0 grep -i 'sensitive_data'
• generic web: send the traversal request and look at the status code; curl collapses ../ segments before sending unless --path-as-is is given, so without that flag the request never reaches the vulnerable code path:
curl --path-as-is -s -o /dev/null -w '%{http_code}\n' 'http://your-reposilite-instance/javadoc/your-repo/your-gav/raw/../../../../etc/passwd'
A 200 means the instance served the file; a 4xx after upgrading confirms the fix.
• java: monitor Reposilite logs for requests to /javadoc/{repository}/<gav>/raw/ whose resource segment contains .. (plain or percent-encoded), and for file-read errors that name paths outside javadocUnpackPath.
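The join-and-serve logic behind the /javadoc/{repository}/<gav>/raw/<resource> endpoint described above, together with the log review suggested in the java bullet, as an added example in Python. This is not Reposilite's own code: the unpack root /opt/reposilite/javadocUnpackPath, the per-artifact directory layout, the function names and the access-log format are assumptions made for the example. It goes beyond the ../.. case in the text: it also rejects percent-encoded and absolute <resource> values, and it scans constructed log lines for requests that would have escaped the artifact directory.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumed unpack root standing in for Reposilite's javadocUnpackPath; the real
# directory name and per-artifact layout are assumptions made for this example.
JAVADOC_UNPACK_PATH = "/opt/reposilite/javadocUnpackPath"


def resolve_raw_resource_naively(repository: str, gav: str, resource: str) -> str:
    """Vulnerable pattern: decode the <resource> segment and join it onto the
    artifact directory without checking where the result lands. '..' segments
    walk out of the tree, and an absolute resource replaces the base entirely
    because posixpath.join discards everything before an absolute component."""
    return posixpath.normpath(
        posixpath.join(JAVADOC_UNPACK_PATH, repository, gav, unquote(resource))
    )


def resolve_raw_resource_safely(repository: str, gav: str, resource: str) -> str:
    """Hardened pattern: decode once, normalise lexically, then require the
    result to be the artifact directory itself or something below it.
    Raises ValueError when the resource escapes. The containment test is
    lexical, so a real server should additionally canonicalise the chosen
    file with os.path.realpath to defeat symlinks planted inside the tree."""
    base = posixpath.normpath(posixpath.join(JAVADOC_UNPACK_PATH, repository, gav))
    candidate = posixpath.normpath(posixpath.join(base, unquote(resource)))
    if candidate != base and not candidate.startswith(base + "/"):
        raise ValueError(f"resource escapes {base}: {candidate}")
    return candidate


def resource_escapes(repository: str, gav: str, resource: str) -> bool:
    """True when the <resource> segment would be served from outside its
    artifact directory, i.e. when the hardened resolver rejects it."""
    try:
        resolve_raw_resource_safely(repository, gav, resource)
    except ValueError:
        return True
    return False


# Combined-log-format access lines (assumed format; Reposilite's own log layout
# may differ, so adapt LOG_LINE to what your instance actually writes).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
RAW_JAVADOC = re.compile(r"^/javadoc/(?P<repo>[^/]+)/(?P<gav>.+?)/raw/(?P<res>.*)$")


def scan_access_log(lines):
    """Return (client_ip, status, path) for every /javadoc/.../raw/ request
    whose <resource> segment escapes its artifact directory. A reverse proxy
    may already have collapsed plain ../ segments before logging, but
    percent-encoded ones usually survive, which is why decoding happens
    before the containment check."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        r = RAW_JAVADOC.match(path)
        if r and resource_escapes(r.group("repo"), r.group("gav"), r.group("res")):
            hits.append((m.group("ip"), int(m.group("status")), path))
    return hits


SAMPLE_LOG = [  # constructed sample traffic, not captured from a real server
    '10.0.0.5 - - [04/Nov/2024:10:00:01 +0000] "GET /javadoc/releases/com/example/lib/1.0/raw/index.html HTTP/1.1" 200 5120',
    '203.0.113.9 - - [04/Nov/2024:10:00:07 +0000] "GET /javadoc/releases/com/example/lib/1.0/raw/../../../../../../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.9 - - [04/Nov/2024:10:00:09 +0000] "GET /javadoc/releases/com/example/lib/1.0/raw/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843',
    '10.0.0.5 - - [04/Nov/2024:10:01:00 +0000] "GET /releases/com/example/lib/1.0/lib-1.0.pom HTTP/1.1" 200 901',
]


if __name__ == "__main__":
    gav = "com/example/lib/1.0"
    for res in ("index.html", "../../../../../../../../etc/passwd", "/etc/passwd"):
        print(f"{res!r:45} naive -> {resolve_raw_resource_naively('releases', gav, res)}"
              f"  escapes={resource_escapes('releases', gav, res)}")
    for ip, status, path in scan_access_log(SAMPLE_LOG):
        print(f"traversal attempt from {ip} (HTTP {status}): {path}")
```

The naive resolver is what the advisory describes: the eight ../ segments (or their %2e%2e%2f encoding, or a bare absolute path) land on /etc/passwd. The hardened resolver decodes first and then checks containment, so a filter that looks for the literal string ".." in the raw URL would miss the encoded variant the scanner flags in the third sample line.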
Disclosure
Exploit status
EPSS
77.57% (99th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade Reposilite Backend to version 3.5.12 or later, which contains the fix. If you cannot upgrade immediately, reduce exposure in the meantime: restrict the /javadoc endpoint to trusted users or networks; validate the <resource> parameter after URL-decoding so that the resolved path must stay under javadocUnpackPath (rejecting a literal .. before decoding is not enough, since %2e%2e%2f decodes to ../); or put a Web Application Firewall (WAF) in front of the instance that drops requests whose path contains traversal sequences in plain or encoded form. After upgrading, verify the fix by requesting a file outside the intended javadocUnpackPath directory via the /javadoc endpoint, using a client that does not normalise ../ on its own; that request should be denied with a 4xx, while a request for a genuine javadoc resource should still succeed.
Update Reposilite to version 3.5.12 or later. This version fixes the path traversal vulnerability that allows arbitrary file reads. The update can be performed by downloading the new version from the official website or through the corresponding dependency manager.
CVE-2024-36117 is a Path Traversal vulnerability in Reposilite Backend versions before 3.5.12, allowing attackers to read arbitrary files via manipulated javadoc requests.
You are affected if you are running Reposilite Backend versions prior to 3.5.12. Check your version and upgrade immediately if vulnerable.
Upgrade to Reposilite Backend version 3.5.12 or later to patch the vulnerability. Consider temporary workarounds like restricting access to the /javadoc endpoint if immediate upgrade is not possible.
There is currently no confirmed active exploitation of CVE-2024-36117, but the vulnerability's nature suggests a potential for future exploitation.
Refer to the Reposilite security advisories on GitHub for detailed information and updates: [https://github.com/dzikoysk/reposilite/security/advisories](https://github.com/dzikoysk/reposilite/security/advisories)