# CVE-2024-4956-Sonatype-Nexus-Repository-Manager

**Sonatype Nexus Repository Manager** provides a central platform for storing build artifacts.

**CVE-2024-4956** is a path traversal vulnerability in Sonatype Nexus Repository Manager that allows an unauthenticated attacker to craft a URL that returns any file as a download, including system files outside the Nexus Repository application scope.

**Affected Versions**: All previous Sonatype Nexus Repository 3.x OSS/Pro versions up to and including 3.68.0.
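
**Detection sketch (added example)**: The following is an added example for defenders, not part of this repository's exploit code. It flags request-log entries whose decoded path contains a `..` segment and checks a version string against the affected range stated above. The common-log-format layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed layout: common log format. Adjust the pattern to your own request log.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded separators are exposed too."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def has_traversal(target):
    """True if the request path, once decoded, contains a '..' segment."""
    path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
    return ".." in path.split("/")

def is_affected(version):
    """Affected range stated on this page: 3.x up to and including 3.68.0."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return len(parts) == 3 and (3, 0, 0) <= parts <= (3, 68, 0)

def find_suspects(lines):
    """Return (ip, user, status, target) for each request with a traversal path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and has_traversal(m["target"]):
            hits.append((m["ip"], m["user"], int(m["status"]), m["target"]))
    return hits

# Constructed sample lines, not taken from a real server.
SAMPLE = [
    '198.51.100.7 - - [01/Jun/2024:10:00:01 +0000] "GET /..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
    '198.51.100.7 - - [01/Jun/2024:10:00:02 +0000] "GET /%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 404 0',
    '203.0.113.9 - admin [01/Jun/2024:10:00:05 +0000] "GET /repository/maven-public/org/a/a-1.0..jar HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, user, status, target in find_suspects(SAMPLE):
        flag = "FILE SERVED" if status == 200 and user == "-" else "attempt"
        print(f"{flag}: {ip} {status} {target}")
```

A hit with status 200 and no authenticated user deserves the closest look, since it suggests a file was actually returned; an artifact name such as `a-1.0..jar` is not flagged because `..` is matched only as a whole path segment.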

**Python3 exploit Usage**: python3 -u -p -f

**Python3 exploit Usage example**: python3 -u -p 8081 -f /etc/passwd

**Bash exploit Usage**: ./ -u targetUrl -p targetPort -f targetFile

**Bash exploit Usage example**: ./ -u -p 8081 -f /etc/passwd

**Disclaimer**: This exploit is to be used only for educational and authorized testing purposes. Illegal/unauthorized use of this exploit is prohibited.