CVE-2024-52302
Published 2024-11-14

Priority: P2 (62) · Severity: high · CVSS 4.0 base score: 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit: available · EPSS: 3.22% (86.7th percentile)
common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE).
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| osamataher | java-springboot-codebase | < 204402bb8b68030c14911379ddc82cfff00b8538 | 204402bb8b68030c14911379ddc82cfff00b8538 |
Detection & IOCs (extracted from sources)
- Monitor for PUT or POST requests to the endpoint /api/v1/customer/profile-picture containing multipart file uploads with non-image extensions such as .jsp, .php, or .html, which indicate exploitation of the unrestricted file upload vulnerability.
- Detect authentication attempts to /api/v1/user/login followed by rapid file upload activity to /api/v1/customer/profile-picture, which matches the exploit's automated two-step attack chain.
- Flag accounts with roles 26 and 17 performing file uploads, as the exploit specifically requires a customer account with these roles to reach the vulnerable endpoint.
- The exploit disables TLS certificate verification (verify=False), meaning the attacker may target HTTPS endpoints without valid certificates. Detection controls should inspect HTTPS traffic and not rely solely on certificate validity checks.
- The vulnerability requires an authenticated session (Bearer token); however, the exploit automates credential-based login, so compromised or weak credentials are a prerequisite attack surface that must be hardened.
- RCE is only achieved if the server is configured to execute the uploaded file type (e.g., JSP execution requires a Java servlet container). Environments not serving uploaded files as executable content reduce but do not eliminate risk.
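The three detection notes above (non-image extension on an upload, login immediately followed by an upload, and uploads from accounts holding roles 26 and 17) can be turned into a small log-triage script. The following is an added example written for this page, not code from the advisory or from the common-user-management project. It assumes the application emits one JSON object per request with the fields ts, client, method, path, user, roles, filename and status (a hypothetical schema); the log lines, the 60-second "rapid" window and the image extension allow-list are all constructed for illustration.

```python
"""Triage an application request log for the CVE-2024-52302 detection patterns.

Added example. Assumed (not from the advisory): JSON-lines log with fields
ts, client, method, path, user, roles, filename, content_type, status.
"""
import json
import os
from datetime import datetime, timedelta

UPLOAD_PATH = "/api/v1/customer/profile-picture"   # endpoint named in the advisory
LOGIN_PATH = "/api/v1/user/login"                  # login endpoint named in the advisory
ALLOWED_IMAGE_EXT = {".png", ".jpg", ".jpeg", ".gif", ".webp"}  # assumed allow-list
CHAIN_WINDOW = timedelta(seconds=60)               # assumed meaning of "rapid"
WATCHED_ROLES = {26, 17}                           # roles cited in the detection notes

# Constructed sample log (JSON lines, UTC timestamps); not real traffic.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"ts": "2024-11-14T10:00:00Z", "client": "203.0.113.7", "method": "POST",
     "path": LOGIN_PATH, "user": "alice", "status": 200},
    {"ts": "2024-11-14T10:00:03Z", "client": "203.0.113.7", "method": "POST",
     "path": UPLOAD_PATH, "user": "alice", "roles": [26, 17],
     "filename": "shell.jsp", "content_type": "image/png", "status": 200},
    {"ts": "2024-11-14T10:05:00Z", "client": "198.51.100.4", "method": "POST",
     "path": LOGIN_PATH, "user": "bob", "status": 200},
    {"ts": "2024-11-14T10:07:30Z", "client": "198.51.100.4", "method": "PUT",
     "path": UPLOAD_PATH, "user": "bob", "roles": [17],
     "filename": "avatar.png", "content_type": "image/png", "status": 200},
    {"ts": "2024-11-14T10:08:00Z", "client": "192.0.2.9", "method": "GET",
     "path": UPLOAD_PATH, "user": "carol", "status": 200},
    {"ts": "2024-11-14T10:09:00Z", "client": "192.0.2.9", "method": "POST",
     "path": UPLOAD_PATH, "user": "carol", "roles": [26, 17],
     "filename": "photo.jpeg", "content_type": "image/jpeg", "status": 200},
])


def parse_events(text):
    """Parse JSON lines into dicts with a real datetime, sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def is_upload(ev):
    """Only PUT/POST to the profile-picture endpoint count as uploads."""
    return ev.get("method") in ("POST", "PUT") and ev.get("path") == UPLOAD_PATH


def has_non_image_extension(filename):
    """Extension-based check; a missing name is treated as suspicious.

    Both the filename and the declared content type are attacker-controlled,
    so a production pipeline should also verify the file's magic bytes.
    """
    return os.path.splitext(filename or "")[1].lower() not in ALLOWED_IMAGE_EXT


def analyze(text):
    """Return one alert dict per matched rule, in log order."""
    alerts = []
    last_login = {}  # client -> timestamp of the most recent successful login
    for ev in parse_events(text):
        if ev.get("path") == LOGIN_PATH and ev.get("method") == "POST" and ev.get("status") == 200:
            last_login[ev["client"]] = ev["ts"]
            continue
        if not is_upload(ev):
            continue
        base = {"ts": ev["ts"].isoformat(), "client": ev["client"], "user": ev.get("user")}
        # Rule 1: upload whose filename is not an allowed image type.
        if has_non_image_extension(ev.get("filename")):
            alerts.append({**base, "rule": "non_image_upload", "filename": ev.get("filename")})
        # Rule 2: login from the same client shortly before the upload.
        login_ts = last_login.get(ev["client"])
        if login_ts is not None and timedelta(0) <= ev["ts"] - login_ts <= CHAIN_WINDOW:
            delta = (ev["ts"] - login_ts).total_seconds()
            alerts.append({**base, "rule": "login_then_rapid_upload", "delta_s": delta})
        # Rule 3: uploading account holds both watched roles.
        if WATCHED_ROLES.issubset(set(ev.get("roles", []))):
            alerts.append({**base, "rule": "watched_roles_upload", "roles": ev.get("roles")})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(json.dumps(alert))
```

On the constructed log, alice's upload trips all three rules (a .jsp name with a spoofed image/png content type, three seconds after login, roles 26 and 17), bob's upload trips none (allowed extension, 150 seconds after login, only role 17), and carol's trips only the role rule. Tune CHAIN_WINDOW and the allow-list to the deployment; the role rule in particular will fire on legitimate customers and is best used as a correlation signal alongside the other two.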
No advisories linked to this vulnerability.
No detection rules found.
No writeups or analysis indexed.