W0ngL1
Contributor

@W0ngL1 W0ngL1 commented Aug 1, 2025

Hi @tooryx,

Here is the testbed PR: google/security-testbeds#148.

@leonardo-doyensec
Collaborator

Hello @W0ngL1.
Thank you for your contribution. I'm noticing that the plugin lacks a fingerprinting phase. Please implement it.
Moreover, I think that the description field should contain an explanation of the issue. Please change it.

Feel free to reach out
~ Leonardo (Doyensec)

@W0ngL1
Contributor Author

W0ngL1 commented Aug 20, 2025

Hi @leonardo-doyensec.

Should I create a new issue for this fingerprinting plugin?
And I've updated the description with reference to GHSA-6cgv-69mq-8w7x.

@leonardo-doyensec
Collaborator

Hello @W0ngL1.
In order to implement a proper fingerprint, all you need is a way to identify that the service that you are hitting is Nexus. Maybe a request to a non-existing endpoint or a well-known one may reveal additional information on the running service.

@W0ngL1
Contributor Author

W0ngL1 commented Aug 20, 2025

Hi @leonardo-doyensec.

I have a question regarding the workflow. Do I need to determine the version based on the fingerprint first, and then decide whether a vulnerability scan is possible?
From the previous project design, it seems like I may need to submit a fingerprint collector that covers all versions.

In that case, should I open a separate issue to track this work?

@leonardo-doyensec
Collaborator

Hello @W0ngL1
The best option would be to find a way to fingerprint the exact version of the service running. It would be possible to parse the HTML of a page in order to understand the version.

What I'm mentioning here is a fingerprint phase, not a fingerprint plugin. If you want to implement a fingerprint plugin, you should follow the standard submission process.

@W0ngL1
Contributor Author

W0ngL1 commented Aug 20, 2025

Copy that @leonardo-doyensec.

@W0ngL1
Contributor Author

W0ngL1 commented Aug 21, 2025

Hi @leonardo-doyensec,

I've updated. If there are any issues, feel free to let me know.

@leonardo-doyensec
Collaborator

LGTM
@tooryx we can merge this as well as google/security-testbeds#148

Reviewer: Leonardo (Doyensec)
Plugin: CVE-2024-4956
Drawbacks: None

@copybara-service copybara-service bot merged commit 5e146d5 into google:master Sep 5, 2025
5 checks passed

Successfully merging this pull request may close these issues.

PRP: Request Nexus Repository 3 Arbitrary File Read (CVE-2024-4956)