Description

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.

PUBLISHED Reserved 2024-05-15 | Published 2024-05-16 | Updated 2024-08-01 | Assigner Sonatype




HIGH: 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
unaffected

3.0.0 (semver)
affected

Credits

Erick Fernando Xavier de Oliveira (erickfernandox) finder

References

support.sonatype.com/hc/en-us/articles/29416509323923 vendor-advisory

cve.org (CVE-2024-4956)

nvd.nist.gov (CVE-2024-4956)
