14 Jui 2022
Vulnérabilité CVE-2022-31289 CVE Vulnerability
https://ossindex.sonatype.org/ Sonatype Nexus Repository Manager OSS 3.37.3-02 is affected by: Incorrect Access Control. The impact is: Authentication Bypass (remote). The component is: Admin Panel. The attack vector is: With the help of response manipulation Attacker can bypass the login panel and view the dashboard menus, No user interaction is required. ¶¶ 1. Go to https://nexus.e-goi.com 2. Click on the Sign In button. 3. Enter the password as admin:admin. 4. Intercept the request in Burp Suite. 5. Capture the Response of the Request. 6. Change the Status Code from 403 Forbidden to 200 OK. 7. You will see the dashboard which provides the admin access. (CVSS:0.0) (Last Update:2022-06-14)
Vulnerability Details : https://ossindex.sonatype.org/ Sonatype Nexus Repository Manager OSS 3.37.3-02 is affected by: Incorrect Access Control. The impact is: Authentication Bypass (remote). The component is: Admin Panel. The attack vector is: With the help of response manipulation Attacker can bypass the login panel and view the dashboard menus, No user interaction is required. ¶¶ 1. Go to https://nexus.e-goi.com 2. Click on the Sign In button. 3. Enter the password as admin:admin. 4. Intercept the request in Burp Suite. 5. Capture the Response of the Request. 6. Change the Status Code from 403 Forbidden to 200 OK. 7. You will see the dashboard which provides the admin access. Publish Date : 2022-06-14 Last Update Date : 2022-06-14 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2022-31289
- References For CVE-2022-31289
| |||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2022-31289There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |