Sonatype Nexus Security Advisories

This article lists all public security advisories filed against Sonatype Nexus. Refer to the individual articles for full disclosure details and remediation measures.

Nexus Repository Manager Remote Code Execution Vulnerability Advisory

Sonatype Support Article

The identified vulnerability allows an unauthenticated attacker with network access to perform remote code execution.

CVE-2014-9389 - directory traversal

Sonatype Support Article

The identified vulnerabilities can allow an attacker to perform directory traversal to read/write sensitive data files.

CVE-2014-2034 - unauthenticated user account creation

Sonatype Support Article

The vulnerability involves an unauthenticated execution path that allows user accounts to be created.

CVE-2014-0792 - XStream arbitrary code execution

Sonatype Support Article

The identified vulnerability can allow attacker-controlled remote object creation and arbitrary code execution in the running Nexus instance without requiring user authentication.
