Directory Traversal Vulnerability in Sonatype Nexus Repository Manager
CVE-2020-15012

8.6 HIGH

Key Information:

Vendor: Sonatype
CVE Published: 12 October 2020

What is CVE-2020-15012?

A directory traversal vulnerability has been identified in Sonatype Nexus Repository Manager 2.x. An attacker can craft specific requests that traverse the file system, which could lead to unauthorized access to sensitive files on disk that are accessible to the user running the Nexus Repository Manager instance. Proper controls and validation mechanisms should be implemented to mitigate this risk.

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
