Description

Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed).

Related CPE's

a

sonatype

nexus_repository_manager

Vulnerable

References

https://support.sonatype.com/hc/en-us/articles/1500006879561

PatchVendor Advisory

Weaknesses

[email protected]

Primary
CWE-22

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-04-27T03:15:07.617

4 years ago

Last modified

2021-05-04T00:17:13.977

4 years ago