Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Nexus Repository Manager 3 Path Traversal (CVE-2024-4956)

Description

Sonatype Nexus Repository Manager 3 is vulnerable to a path traversal issue that allows unauthenticated attackers to read arbitrary files.

Remediation

Upgrade to Nexus Repository Manager version 3.68.1 or later

References

Sonatype Support Article

Related Vulnerabilities

MySQL CVE-2012-0115 Vulnerability (CVE-2012-0115)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-3078)

Grafana CVE-2024-1442 Vulnerability (CVE-2024-1442)

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-4475)

Apache HTTP Server Off-by-one Error Vulnerability (CVE-2005-1268)

Severity

High

Classification

CVE-2024-4956 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal Known Vulnerabilities