Description

Sonatype Nexus Repository Manager 3 is vulnerable to a path traversal issue that allows unauthenticated attackers to read arbitrary files.

Remediation

Upgrade to Nexus Repository Manager version 3.68.1 or later

References

Sonatype Support Article

Related Vulnerabilities

Apache Tomcat Improper Handling of Exceptional Conditions Vulnerability (CVE-2021-30639)

PostgreSQL Incorrect Authorization Vulnerability (CVE-2018-10925)

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44949)

MySQL CVE-2022-21482 Vulnerability (CVE-2022-21482)

WebLogic CVE-2020-2934 Vulnerability (CVE-2020-2934)

Severity

High

Classification

CVE-2024-4956 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal Known Vulnerabilities