CVE-2024-36117
Published 2024-06-19
Priority: P178 · high · CVSS 3.1 base score 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
VulnCheck KEV: exploited in the wild (ITW exploit)
EPSS: 3.15% (86.3rd percentile)
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven-based artifacts in the JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security Lab and is also tracked as GHSL-2024-074.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dzikoysk | reposilite | — | — |
| reposilite | reposilite | >= 3.3.0 < 3.5.12 | 3.5.12 |
Detection & IOCs (extracted from sources)
- Detect path traversal attempts against the /javadoc/ endpoint that use mixed encoding (backslash %5c and forward slash %2f) in the URL path and target reposilite.db.
- Use the Shodan favicon hash 1212523028 to identify exposed Reposilite instances on the internet for proactive scanning.
- The path traversal payload uses a mixed-encoding technique combining %5c (backslash) and %2f (forward slash) sequences; detection rules must account for both encoded forms and their combinations to avoid bypass.
- The vulnerability is exploitable without authentication (PR:N, UI:N per CVSS), so no credential-based filtering should be applied to detections; all requests to /javadoc/.*/raw/ containing traversal sequences should be flagged.
- Affected versions are Reposilite >= 3.3.0 and < 3.5.12; use version fingerprinting to scope detection to vulnerable instances.
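The detection logic the entries above describe, as an added example that is not part of this page or of Reposilite: it percent-decodes each request path until the result is stable (so double encoding does not slip through), folds %5c and %2f into one separator, and flags every /javadoc/.../raw/ request that still contains a `..` segment, with no credential filtering. The access-log lines are constructed fixtures, not captured traffic.

```python
import re
from urllib.parse import unquote

# Constructed access-log fixture (not from the page): two requests with encoded
# traversal sequences on /javadoc/.../raw/, one benign javadoc request, one jar download.
SAMPLE_LOG = """\
192.0.2.10 - - [19/Jun/2024:10:00:01 +0000] "GET /javadoc/releases/com/example/lib/1.0/raw/..%5c..%2f..%5creposilite.db HTTP/1.1" 200 8192
192.0.2.11 - - [19/Jun/2024:10:00:02 +0000] "GET /javadoc/releases/com/example/lib/1.0/raw/%252e%252e%5cindex.html HTTP/1.1" 200 512
192.0.2.12 - - [19/Jun/2024:10:00:03 +0000] "GET /javadoc/releases/com/example/lib/1.0/raw/com/example/Foo.html HTTP/1.1" 200 1234
192.0.2.13 - - [19/Jun/2024:10:00:04 +0000] "GET /releases/com/example/lib/1.0/lib-1.0.jar HTTP/1.1" 200 99999
"""

REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')
JAVADOC_RAW = re.compile(r"^/javadoc/.*?/raw/", re.IGNORECASE)  # applied to the normalized path


def normalize_path(raw_path: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (defeats double encoding), then fold
    backslashes into forward slashes so %5c/%2f mixes read the same."""
    path = raw_path.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def is_traversal(normalized: str) -> bool:
    # A '..' segment anywhere after normalization is enough to flag the request.
    return any(segment == ".." for segment in normalized.split("/"))


def flag_javadoc_traversal(log_text: str) -> list[dict]:
    """One record per request on the javadoc raw route that carries a traversal
    segment. No credential filtering: the route is reachable unauthenticated."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        raw = match.group("path")
        norm = normalize_path(raw)
        if JAVADOC_RAW.match(norm) and is_traversal(norm):
            lowered = raw.lower()
            hits.append({
                "raw_path": raw,
                "normalized": norm,
                "mixed_encoding": "%5c" in lowered and "%2f" in lowered,
                "targets_db": norm.lower().endswith("reposilite.db"),
            })
    return hits
```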
CVSS provenance
- NVD (CVSS 3.1): 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- VulnCheck: 8.6 HIGH
OSV
Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`)
osv · 2024-11-04 · CVE-2024-36117 · HIGH
### Summary
Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files.
### Details
The problem lies in the way the expanded javadoc files are served. The `GET /javadoc/{repository}//raw/` route uses the `` path parameter to locate the file inside the `javadocUnpackPath` directory and returns its content to the user.
[JavadocFacade.kt#L77](https://github.com/dzikoysk/reposilite/blob/68b73f19dc9811ccf10936430cf17f7b0e622bd6/reposilite-backend/src/main/kotlin/com/reposilite/javadocs/JavadocFacade.kt#L77):
```kotlin
fun findRawJavadocResource(request: JavadocRawRequest): Result =
    with (request) {
        mavenFacade
```
GHSA
Duplicate Advisory: Reposilite Arbitrary File Read vulnerability
ghsa · 2024-08-05 · CVE-2024-36117 · HIGH · CWE-22
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-82j3-hf72-7x93. This link is maintained to preserve external references.
VulnCheck
reposilite reposilite: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck · 2024 · CVSS 8.6 · CVE-2024-36117 · HIGH
Affected: reposilite reposilite
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://api.vulnche
No detection rules found.
Nuclei
Reposilite >= 3.3.0, < 3.5.12 - Arbitrary File Read
nuclei · CVSS 7.5 · CVE-2024-36117 · HIGH
```yaml
author: iamnoooob,rootxharsh,pdresearch
severity: high
description: |
  Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-074.
impact: |
  Unauthenticated attackers can exploit path traversal to read arbitrary files including the reposilite.db database file.
remediation: |
  Update Reposilite to version 3.5.12 or later.
reference:
  - ht
```