Description

Sonatype Nexus Repository Manager 3 is vulnerable to a path traversal issue that allows unauthenticated attackers to read arbitrary files.

Remediation

Upgrade to Nexus Repository Manager version 3.68.1 or later

References

Sonatype Support Article

Related Vulnerabilities

Oracle Database Server CVE-2011-2231 Vulnerability (CVE-2011-2231)

phpMyFAQ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2005-3046)

Ruby on Rails Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-0447)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5730)

MySQL CVE-2022-21249 Vulnerability (CVE-2022-21249)

Severity

High

Classification

CVE-2024-4956 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal Known Vulnerabilities