PT-2019-19765 · Sonatype · Sonatype Nexus Repository Manager+1

Publicado

2019-07-08

Atualizado

2020-08-24

CVE-2019-9630

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository Manager versions prior to 3.17.0

Description The issue concerns a weak default configuration that grants any unauthenticated user read permissions on repository files and images.

Recommendations For versions prior to 3.17.0, update to version 3.17.0 or later to resolve the issue.

Correção

Incorrect Default Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

CVE-2019-9630

Nexus Repository Manager

Sonatype Nexus Repository Manager