PT-2014-4440 · Sonatype · Sonatype Nexus+1
Published
2014-04-01
·
Updated
2014-04-01
·
CVE-2014-2034
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Sonatype Nexus versions 2.4.0 through 2.7.1
Description
The issue allows attackers to create arbitrary user accounts via an unauthenticated execution path.
Recommendations
For versions 2.4.0 through 2.7.1, update to a version outside of the affected range to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Nexus Repository Manager
Sonatype Nexus