Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-4956 PoC — Nexus Repository 3 - Path Traversal

Source
https://github.com/amalpvatayam67/day04-nexus-4956
Associated Vulnerability
Title:Nexus Repository 3 - Path Traversal (CVE-2024-4956)
Description:Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
Description
Nexus Repository 3 Path Traversal (CVE-2024-4956)
Readme
# Day 4 – Nexus Repository 3 Path Traversal (CVE-2024-4956)

**What:** Unauthenticated path traversal lets anyone download arbitrary files with a crafted URL.  
**Vuln:** Affects Nexus Repo 3 versions **≤ 3.68.0**. Fixed in **3.68.1**.  
**Source:** Sonatype advisory + NVD.  
**Safety:** Lab is local-only. Don’t target systems you don’t own.

## Setup

```bash
docker build -t day4-nexus-4956 .
docker run -d -p 8081:8081 --name day4 day4-nexus-4956
# Boot takes ~1–2 minutes; watch: docker logs -f day4
curl -I httphttp://localhost:8081/
```

! If you stuck you can use ./exploit.sh (after the container is running)
File Snapshot

 [4.0K]  /data/pocs/b6d8d765d5965ee99fe239131c461fb66ffa4c11
├── [ 255]  DISCLAIMER.md
├── [ 490]  Dockerfile
├── [ 620]  entrypoint.sh
├── [ 527]  exploit.sh
└── [ 629]  README.md

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →