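Author: Lucifaer
Blog: https://www.lucifaer.com
This analysis was actually finished last Friday, around February 15, but I did not post it in time. Only on Monday, after seeing the detailed analysis published by iswin, did I publish this one as an advisory, so I was n steps behind, lol…
Overall, the flow of this vulnerability is fairly easy to analyze; the real difficulty is finding the trigger point. When I analyzed it I spent a long time without finding the trigger point, and in the end I had to grit my teeth and wander around OrientDb's processing flow for quite a while before it clicked… I'm still too much of a noob.
0x00 Vulnerability Overview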
Insufficient access controls have been discovered in Nexus Repository Manager 3 which allow remote code execution.
An unauthenticated user can craft requests in such a manner that can execute java code on the server. We have mitigated the issue by adding the necessary access controls as well as disabling the ability to execute arbitrary java code via this path. This advisory provides the pertinent information needed to properly address this vulnerability, along with the details on how to reach us if you have any further questions or concerns.
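According to the official summary, put simply, an unauthenticated user can craft a request that results in arbitrary code execution. Because versions 3.15.0 and later added user authentication, versions 3.15.0+ are not affected by this vulnerability. Based on the diff, the vulnerability can therefore be roughly located in org.sonatype.nexus.coreui.ComponentComponent#previewAssets.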
When reposting, please credit: IAMCOOL » Nexus Repository Manager 3 Remote Code Execution Vulnerability Analysis (CVE-2019-7238)