Arbitrary File Exposure Vulnerability in Sonatype Nexus Repository Manager
CVE-2021-34553

4.3 MEDIUM

Key Information:

Vendor: Sonatype
CVE Published: 18 June 2021

What is CVE-2021-34553?

Sonatype Nexus Repository Manager 3.x versions prior to 3.31.0 allow a remote authenticated attacker to retrieve a list of blob files and read their contents without the appropriate access permissions. The result is unauthorized data exposure: sensitive information can potentially be accessed by malicious actors.

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
