Platform
java
Component
com.reposilite:reposilite-backend
Fixed in
3.3.1
3.5.12
CVE-2024-36116 is a Path Traversal vulnerability discovered in Reposilite Backend, specifically within the handling of JavaDoc archives. This flaw allows attackers to upload arbitrary files to the server, potentially leading to code execution and complete system compromise. The vulnerability impacts Reposilite Backend versions 3.5.10 and earlier. A fix is available in version 3.5.12.
The primary impact of CVE-2024-36116 is the ability for an attacker to upload arbitrary files to the Reposilite server. This is achieved by manipulating the expansion of Javadoc archives, exploiting a flaw in how the JavadocEndpoints.kt controller handles file paths. Successful exploitation could allow an attacker to upload malicious code, such as a web shell, granting them remote code execution (RCE) capabilities. This could lead to complete control of the server, data exfiltration, and further lateral movement within the network. The blast radius extends to any sensitive data stored or processed by Reposilite, including repository metadata and potentially associated code.
CVE-2024-36116 was publicly disclosed on August 2, 2024. Currently, there are no known public exploits or active campaigns targeting this vulnerability. Its inclusion in the NVD is pending. The EPSS score is likely to be assessed as medium due to the potential for RCE and the relatively straightforward nature of the exploit, although the need for access to the Javadoc archive endpoint limits the initial attack surface.
Organizations using Reposilite Backend to manage software repositories are at risk, particularly those running version 3.5.10. Environments where Reposilite is exposed to untrusted networks, or where JavaDoc archives are sourced from external, unverified sources, are at higher risk. Shared hosting environments using Reposilite are also vulnerable, since a compromised account could potentially exploit this vulnerability.
• linux / server:
  journalctl -u reposilite -g "JavadocEndpoints.kt"
• generic web:
  curl -I http://your-reposilite-server/javadocs/path/to/malicious/file.php
• generic web:
  grep -r 'JavadocEndpoints.kt' /var/log/apache2/access.log
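The journalctl and grep checks above are one-off searches. The following Python script is an added example, not from this page's source and not part of Reposilite, of the same monitoring idea applied continuously to reverse-proxy access-log lines: it percent-decodes each request path (bounded to a few rounds so double-encoding cannot hide anything) and reports requests whose decoded path contains a `..` segment. The log lines are constructed for the example, the `/javadoc/...` paths are assumed rather than taken from Reposilite, and the Combined Log Format regex is an assumption about what the proxy in front of Reposilite writes.

```python
import re
from urllib.parse import unquote

# Constructed sample of Combined Log Format lines for this example; this is
# not real Reposilite or Apache output. One benign client (10.0.0.5, 10.0.0.7)
# and one client probing for path traversal with plain, single-encoded and
# double-encoded '..' segments (10.0.0.9).
SAMPLE_LOG = """\
10.0.0.5 - - [02/Aug/2024:10:01:12 +0000] "GET /javadoc/com/example/lib/1.0/index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [02/Aug/2024:10:02:44 +0000] "GET /javadoc/com/example/lib/1.0/../../../../etc/passwd HTTP/1.1" 404 0 "-" "curl/8.0"
10.0.0.9 - - [02/Aug/2024:10:02:51 +0000] "GET /javadoc/com/example/lib/1.0/%2e%2e%2f%2e%2e%2fconfig HTTP/1.1" 404 0 "-" "curl/8.0"
10.0.0.9 - - [02/Aug/2024:10:03:05 +0000] "GET /javadoc/com/example/lib/1.0/%252e%252e%252fconfig HTTP/1.1" 404 0 "-" "curl/8.0"
10.0.0.7 - - [02/Aug/2024:10:04:00 +0000] "GET /javadoc/com/example/lib/1.0/com/example/Foo.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Assumed Combined Log Format: client, ident, user, [timestamp], "METHOD PATH HTTP/x", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def decode_fully(path: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing, bounded so a pathological
    input cannot keep us looping. Three rounds exposes double-encoded '..'."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal(raw_path: str) -> bool:
    """True if the decoded request path contains a '..' path segment.

    The query string is dropped first, backslashes are treated as separators
    so 'a\\..\\b' is not missed, and the check is on whole segments so a file
    legitimately named '..foo' is not a false positive."""
    decoded = decode_fully(raw_path.split("?", 1)[0]).replace("\\", "/")
    return ".." in decoded.split("/")


def find_traversal_requests(log_text: str) -> list[tuple[str, str, str, str]]:
    """Return (client, method, raw path, status) for every flagged request."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if match is None:
            continue  # not in the expected format; skip rather than guess
        if is_traversal(match["path"]):
            hits.append((match["ip"], match["method"], match["path"], match["status"]))
    return hits


if __name__ == "__main__":
    for client, method, path, status in find_traversal_requests(SAMPLE_LOG):
        print(f"{client} {method} {path} -> {status}")
```

Rejected requests (404 here) are still worth alerting on: a client that walks through encodings is mapping the endpoint's decoding behaviour, and the same client's later successful uploads deserve a closer look.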
Exploit Status
EPSS
27.70% (percentile 96%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-36116 is to upgrade Reposilite Backend to version 3.5.12 or later, which contains the fix for this vulnerability. If an immediate upgrade is not possible, consider implementing temporary workarounds. Restrict file upload permissions and implement strict input validation on all file paths to prevent path traversal attempts. Web Application Firewalls (WAFs) can be configured to block requests containing suspicious file paths or extensions. Monitor Reposilite logs for unusual file upload activity and unauthorized access attempts. After upgrading, verify the fix by attempting to upload a file with a manipulated path and confirming that the upload is rejected.
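For archive expansion, the "strict input validation on all file paths" recommended above amounts to checking that every member name resolves inside the destination directory before anything is written. The following Python program is an added example, not Reposilite's code and not the fix shipped in 3.5.12: it builds a small constructed zip in memory containing legitimate javadoc-style files alongside three escaping member names, expands it into a temporary directory, and shows the validator rejecting the escapes while writing the rest. The function names (`is_safe_member`, `safe_extract`), the destination root and the sample member names are assumptions of this example.

```python
import io
import os
import tempfile
import zipfile


def is_safe_member(dest_root: str, member_name: str) -> bool:
    """Return True only if `member_name` resolves to a location inside `dest_root`.

    Rejects empty names, absolute names, drive letters, backslash separators and
    any '..' component that would escape the destination once the joined path
    is canonicalised with realpath (which also follows symlinks)."""
    if not member_name or member_name.startswith(("/", "\\")) or "\\" in member_name:
        return False
    if os.path.splitdrive(member_name)[0]:
        return False
    root = os.path.realpath(dest_root)
    target = os.path.realpath(os.path.join(root, member_name))
    # The resolved target must be the root itself or sit strictly beneath it;
    # comparing with a trailing separator stops '/srv/javadocs2' matching '/srv/javadocs'.
    return target == root or target.startswith(root + os.sep)


def safe_extract(archive_bytes: bytes, dest_root: str) -> tuple[list[str], list[str]]:
    """Expand an archive, writing only members that pass is_safe_member.

    Returns (written, rejected) member-name lists so the caller can log rejects."""
    written, rejected = [], []
    root = os.path.realpath(dest_root)
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if not is_safe_member(root, name):
                rejected.append(name)
                continue
            target = os.path.join(root, name)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            written.append(name)
    return written, rejected


def build_sample_archive() -> bytes:
    """Constructed test archive: two legitimate javadoc files and three escape attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("index.html", "<html>javadoc</html>")
        zf.writestr("com/example/Foo.html", "<html>Foo</html>")
        zf.writestr("../../outside.txt", "escapes via parent references")
        zf.writestr("docs/../../outside2.txt", "escapes only after normalisation")
        zf.writestr("..\\..\\outside3.txt", "escapes via backslash separators")
    return buf.getvalue()


def demo() -> tuple[list[str], list[str]]:
    """Expand the sample archive into a throwaway directory and report the outcome."""
    with tempfile.TemporaryDirectory() as dest:
        return safe_extract(build_sample_archive(), dest)


if __name__ == "__main__":
    written, rejected = demo()
    print("written :", written)
    print("rejected:", rejected)
```

The check is done on the canonical joined path rather than by searching the name for `..`, because normalisation is what decides where the bytes land; the same validator is also the natural place to enforce an allow-list of extensions if a deployment wants one.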
Upgrade Reposilite to version 3.5.12 or later. This version fixes the path traversal vulnerability in the expansion of Javadoc archives. The update prevents the possible overwriting of local files and remote code execution.
CVE-2024-36116 is a Path Traversal vulnerability in Reposilite Backend versions 3.5.10 and earlier, allowing attackers to upload arbitrary files via manipulated Javadoc archives.
If you are running Reposilite Backend version 3.5.10 or earlier, you are potentially affected by this vulnerability. Upgrade to version 3.5.12 or later to mitigate the risk.
The recommended fix is to upgrade Reposilite Backend to version 3.5.12 or later. Temporary workarounds include restricting file upload permissions and implementing input validation.
As of now, there are no confirmed reports of active exploitation of CVE-2024-36116, but it's crucial to apply the patch promptly.
Refer to the official Reposilite security advisory on their GitHub repository for detailed information and updates: https://github.com/dzikoysk/reposilite/security/advisories/GHSA-xxxx-xxxx-xxxx