CVE-2024-52302
published 2024-11-14


Priority: P2 62 · Severity: high · CVSS 4.0 base score: 8.7
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 3.22% (86.7th percentile)
common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE).

Affected

1 range
Vendor:        osamataher
Product:       java-springboot-codebase
Version range: < 204402bb8b68030c14911379ddc82cfff00b8538
Fixed in:      204402bb8b68030c14911379ddc82cfff00b8538

Detection & IOCs (extracted from sources)

url: /api/v1/customer/profile-picture
url: /api/v1/customer/my-profile
url: /api/v1/user/login
  • Monitor for PUT or POST requests to the endpoint /api/v1/customer/profile-picture carrying multipart file uploads with non-image extensions such as .jsp, .php, or .html; these indicate attempted exploitation of the unrestricted file upload vulnerability.
  • Detect authentication attempts to /api/v1/user/login followed by rapid file upload activity to /api/v1/customer/profile-picture, which matches the exploit's automated two-step attack chain.
  • Flag accounts with roles 26 and 17 performing file uploads, as the exploit specifically requires a customer account with these roles to reach the vulnerable endpoint.
  • The exploit disables TLS certificate verification (verify=False), meaning the attacker may target HTTPS endpoints without valid certificates. Detection controls should inspect HTTPS traffic and not rely solely on certificate validity checks.
  • The vulnerability requires an authenticated session (Bearer token); however, the exploit automates credential-based login, so compromised or weak credentials are a prerequisite attack surface that must be hardened.
  • RCE is only achieved if the server is configured to execute the uploaded file type (e.g., JSP execution requires a Java servlet container). Environments that do not serve uploaded files as executable content reduce but do not eliminate the risk.
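The first two detection notes above describe log-based signals: an upload to /api/v1/customer/profile-picture whose filename does not carry an image extension, and a login to /api/v1/user/login followed quickly by such an upload from the same client. The script below is an added illustration of those two checks run over a few constructed log lines; it is not code from the advisory or from the java-springboot-codebase project. The log format (ISO timestamp, client IP, method, path, status, uploaded filename as recorded from the multipart Content-Disposition header), the 60-second chaining window, and the set of accepted image extensions are all assumptions made for the example.

```python
import re
from datetime import datetime, timedelta, timezone

UPLOAD_PATH = "/api/v1/customer/profile-picture"
LOGIN_PATH = "/api/v1/user/login"
# Assumed allow-list of extensions a profile picture endpoint should accept.
IMAGE_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "webp"}
# Assumed window: a login followed by an upload this quickly is the scripted
# two-step chain the advisory describes rather than an interactive user.
CHAIN_WINDOW = timedelta(seconds=60)

# Assumed (constructed) log format, not the project's own logging:
# <ISO timestamp> <client ip> <method> <path> <status> <uploaded filename or ->
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"(?P<status>\d{3}) (?P<filename>\S+)$"
)

# Constructed sample lines: one scripted login-then-upload of a .jsp, one
# legitimate image upload long after login, one double-extension upload.
SAMPLE_LOG = """\
2024-11-14T10:00:01Z 203.0.113.5 POST /api/v1/user/login 200 -
2024-11-14T10:00:03Z 203.0.113.5 PUT /api/v1/customer/profile-picture 200 upload.jsp
2024-11-14T10:05:00Z 198.51.100.7 POST /api/v1/user/login 200 -
2024-11-14T10:20:00Z 198.51.100.7 PUT /api/v1/customer/profile-picture 200 avatar.png
2024-11-14T10:30:00Z 192.0.2.9 POST /api/v1/customer/profile-picture 200 avatar.png.html
2024-11-14T10:31:00Z 192.0.2.9 GET /api/v1/customer/my-profile 200 -
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc
    )
    return rec


def upload_extension(filename):
    """Last extension of the uploaded name, lowercased; '' if there is none.
    Using the last component catches double extensions like avatar.png.html."""
    base = filename.rsplit("/", 1)[-1]
    if "." not in base:
        return ""
    return base.rsplit(".", 1)[1].lower()


def is_non_image_upload(filename):
    """True when the uploaded filename is not on the image allow-list."""
    return upload_extension(filename) not in IMAGE_EXTENSIONS


def find_alerts(log_text):
    """Return (client, timestamp, reason) tuples for the two advisory signals:
    a non-image upload, and an upload within CHAIN_WINDOW of a login."""
    last_login = {}  # client ip -> time of its most recent successful login
    alerts = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        client, ts, path, method = rec["client"], rec["ts"], rec["path"], rec["method"]
        if path == LOGIN_PATH and rec["status"] == "200":
            last_login[client] = ts
            continue
        if path != UPLOAD_PATH or method not in ("PUT", "POST"):
            continue
        if is_non_image_upload(rec["filename"]):
            alerts.append((client, ts, f"non-image upload '{rec['filename']}'"))
        login_ts = last_login.get(client)
        if login_ts is not None and ts - login_ts <= CHAIN_WINDOW:
            gap = int((ts - login_ts).total_seconds())
            alerts.append((client, ts, f"upload {gap}s after login"))
    return alerts


if __name__ == "__main__":
    for client, ts, reason in find_alerts(SAMPLE_LOG):
        print(f"{ts.isoformat()} {client}: {reason}")
```

The extension check is deliberately a first-pass signal only: a filename is attacker-controlled, so server-side validation should also verify the declared content type and the file's magic bytes, and the stored object should never be served from a path the servlet container will execute. The third note above (role IDs 26 and 17) cannot be evaluated from an access log alone and needs application-level audit records that carry the authenticated account's roles.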