CVE-2021-34553

Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sonatype:nexus_repository_manager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:10

Type Values Removed Values Added
References () https://support.sonatype.com/hc/en-us/articles/4402433828371 - Patch, Vendor Advisory () https://support.sonatype.com/hc/en-us/articles/4402433828371 - Patch, Vendor Advisory

Information

Published : 2021-06-18 00:15

Updated : 2024-11-21 06:10


NVD link : CVE-2021-34553

Mitre link : CVE-2021-34553

CVE.ORG link : CVE-2021-34553


JSON object : View

Products Affected

sonatype

  • nexus_repository_manager
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')