Description

Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed).

Related CPE's

a

sonatype

nexus_repository_manager

Vulnerable

References

https://support.sonatype.com/hc/en-us/articles/1500006879561

PatchVendor Advisory

https://support.sonatype.com/hc/en-us/articles/1500006879561

PatchVendor Advisory

Weaknesses

[email protected]

Primary
CWE-22

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-27T01:15:07.617Z

4 years ago

Last modified

2024-11-21T05:04:20.157Z

1 year ago