PT-2022-20666 · Sonatype · Sonatype Nexus Repository Manager
Published 2022-06-14 · Updated 2022-06-24 · CVE-2022-31289
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Sonatype Nexus Repository Manager OSS version 3.37.3-02
Description
The issue is an incorrect access control flaw that allows authentication bypass. It can be exploited remotely; the attack vector is response manipulation. An attacker can bypass the login panel and view the dashboard menus without any user interaction. The affected component is the Admin Panel.
Recommendations
For Sonatype Nexus Repository Manager OSS version 3.37.3-02, as a temporary workaround, restrict access to the Admin Panel until a patch is available, and monitor and validate the authenticity of all requests to prevent unauthorized access. At the moment there is no information about a newer version that contains a fix for this vulnerability.
Related Identifiers
Affected Products
Sonatype Nexus Repository Manager