PT-2024-26903 · Unknown · Reposilite

Artsploit · Published 2024-06-19 · Updated 2024-12-19 · CVE-2024-36117

CVSS v4.0: 8.8 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Reposilite versions 3.5.10 through 3.5.11

Description

Reposilite is affected by an arbitrary file read via path traversal when serving expanded javadoc files. The GET /javadoc/{repository}/<gav>/raw/<resource> route uses the <resource> path parameter to locate a file in the javadocUnpackPath directory and returns its content to the user. Because the <resource> path parameter can contain path traversal characters, an attacker can read files outside the javadocUnpackPath directory. This may expose sensitive information, including passwords and hashes of issued tokens stored in the reposilite.db file, or other sensitive properties in the configuration.cdn file.

Recommendations

For versions 3.5.10 through 3.5.11, update to version 3.5.12 to resolve the issue. As a temporary workaround, consider normalizing the <resource> path parameter by removing all occurrences of /../ before using it to read the file. This can be achieved by changing resource.toString() to resource.toPath() in the JavadocFacade.kt file.
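
One way to enforce that a resolved <resource> stays inside javadocUnpackPath, shown as an added example in Kotlin using java.nio.file. It is not Reposilite's own code; resolveInside, the temporary directory and the sample inputs are hypothetical and constructed for illustration.

```kotlin
import java.nio.file.Files
import java.nio.file.InvalidPathException
import java.nio.file.Path

// Hypothetical helper, not Reposilite's JavadocFacade: resolves a request-supplied
// <resource> against the unpack directory and returns null if it escapes it.
fun resolveInside(unpackRoot: Path, resource: String): Path? {
    val root = unpackRoot.toAbsolutePath().normalize()
    val candidate = try {
        // normalize() collapses "." and ".." segments after joining with the root;
        // an absolute <resource> replaces the root entirely and fails the check below
        root.resolve(resource).normalize()
    } catch (e: InvalidPathException) {
        return null // e.g. a NUL byte in the parameter
    }
    // Path.startsWith compares whole segments, so a sibling such as
    // "<root>-other" does not count as being inside "<root>"
    if (!candidate.startsWith(root)) return null
    // For files that exist, compare real paths as well so that a symlink
    // placed inside the root cannot point outside it
    if (Files.exists(candidate) && !candidate.toRealPath().startsWith(root.toRealPath())) return null
    return candidate
}

fun main() {
    // Constructed sample directory standing in for javadocUnpackPath
    val root = Files.createTempDirectory("javadoc-unpack")
    Files.createDirectories(root.resolve("org/example/1.0"))
    Files.writeString(root.resolve("org/example/1.0/index.html"), "<html></html>")

    // Constructed <resource> values: two legitimate, three that leave the root
    val samples = listOf(
        "org/example/1.0/index.html",
        "org/example/1.0/../1.0/index.html",
        "../../reposilite.db",
        "org/../../configuration.cdn",
        "/etc/hostname",
    )
    for (s in samples) {
        val resolved = resolveInside(root, s)
        println("${s.padEnd(36)} -> ${if (resolved == null) "rejected" else "served from $resolved"}")
    }
}
```

The check is applied to the path after joining and normalizing, so it does not depend on which traversal sequences appear in the raw parameter.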

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-36117
GHSA-82J3-HF72-7X93
GHSA-W7C4-5W4F-JM3G

Affected Products

Reposilite