Main Vulnerability Database Vulnerabilities #VU19395

#VU19395 Permissions, Privileges, and Access Controls in Nexus Repository Manager - CVE-2019-9630

Published: July 26, 2019

Vulnerability identifier: #VU19395

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-9630

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Nexus Repository Manager

Software vendor:
Sonatype Inc.

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses weak security policy by default that allows all unauthenticated users to read files and images on the repository. A remote non-authenticated attacker can gain access to sensitive information.

Remediation

Install updates from vendor's website.

External links

https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed/

#VU19395 Permissions, Privileges, and Access Controls in Nexus Repository Manager - CVE-2019-9630

Description

Remediation

External links

Please verify you're human