PT-2024-4555 · Sonatype · Sonatype Nexus Repository 3

Published: 2024-05-16 · Updated: 2026-03-10 · CVE-2024-4956

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository versions prior to 3.68.1
Description: The issue is a path traversal vulnerability that allows an unauthenticated attacker to read system files. It has been identified in Sonatype Nexus Repository 3 and can be exploited to read sensitive files on the server without any authentication. The vulnerability is rated high severity and, given the widespread use of the affected software, has the potential to enable supply chain attacks. Over 118,000 results have been found on a specific search engine, indicating a large number of potentially affected systems.
Recommendations: To resolve the issue, update Sonatype Nexus Repository to version 3.68.1 or later; this release fixes the path traversal vulnerability and prevents unauthorized reads of system files. As a temporary workaround until the update is applied, restrict access to the vulnerable module or function.
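Alongside patching, defenders typically want to know whether traversal attempts have already reached the instance. The following is an added example, not code from the advisory or from Sonatype: it scans reverse-proxy access log lines for directory-traversal sequences in the request path, decoding percent-encoding repeatedly (attackers double-encode to slip past single-pass filters) and catching the `....//` variant that survives naive `..` stripping. The log format, client addresses and request paths are constructed for the example; the advisory does not name the affected endpoint, so no real Nexus path is assumed.

```python
"""Flag access-log requests whose path carries an encoded or plain directory-traversal sequence.

Added example (not part of the advisory). The log format and the sample lines below are
constructed; the actual vulnerable endpoint is not given on the page and is not assumed here.
"""
import re
from urllib.parse import unquote

# Combined-log style line: client ident user [time] "METHOD path PROTOCOL" status
_LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Segments made only of dots (".." or "....") are the traversal pattern and its
# filter-bypass variant ("....//" becomes "../" after a single-pass ".." removal).
_DOT_SEGMENT = re.compile(r"^\.{2,}$")

# Constructed sample log (not real traffic). Clients .11, .12 and .14 carry traversal sequences;
# .13 only has the sequence in the query string, which is not a path component.
SAMPLE_LOG = """\
203.0.113.10 - - [16/May/2024:10:00:01 +0000] "GET /repository/maven-public/org/example/app/1.0/app-1.0.pom HTTP/1.1" 200
203.0.113.11 - - [16/May/2024:10:00:02 +0000] "GET /static/..%2F..%2F..%2Fetc%2Fhosts HTTP/1.1" 200
203.0.113.12 - - [16/May/2024:10:00:03 +0000] "GET /static/%252e%252e/%252e%252e/etc/hosts HTTP/1.1" 404
203.0.113.13 - - [16/May/2024:10:00:04 +0000] "GET /search?q=..%2F HTTP/1.1" 200
203.0.113.14 - - [16/May/2024:10:00:05 +0000] "GET /static/....//....//etc/hosts HTTP/1.1" 400
"""


def normalize_path(raw: str, max_rounds: int = 5) -> str:
    """Strip the query string, percent-decode until stable, and fold backslashes to slashes.

    Repeated decoding defeats double/triple encoding ("%252e" -> "%2e" -> "."). The round
    cap keeps a pathological input from looping. Overlong UTF-8 encodings are not handled.
    """
    path = raw.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def is_traversal(raw_path: str) -> bool:
    """True if any path segment, after normalization, is a dot-only traversal segment or a NUL byte appears."""
    path = normalize_path(raw_path)
    if "\x00" in path:
        return True
    return any(_DOT_SEGMENT.match(seg) for seg in path.split("/"))


def scan_log(lines):
    """Return (client, normalized_path) for every parseable line whose path looks like traversal.

    Status codes are deliberately ignored: a 200 on a traversal request is the alarming case,
    but a 404 or 400 still shows that someone is probing.
    """
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these separately
        if is_traversal(m.group("path")):
            hits.append((m.group("client"), normalize_path(m.group("path"))))
    return hits


if __name__ == "__main__":
    for client, path in scan_log(SAMPLE_LOG.splitlines()):
        print(f"traversal attempt from {client}: {path}")
```

Run over the proxy or Nexus request log to triage which hosts probed the server before the update was applied; matches with a 200 status and an unexpected file name in the path deserve the closest look. A second control worth pairing with the advisory's workaround is the one the recommendation describes: block the affected path at the reverse proxy until 3.68.1 or later is deployed.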

Exploit · Fix · Path traversal



Related Identifiers

BDU:2024-05059
CVE-2024-4956

Affected Products

Nexus Repository Manager
Sonatype Nexus Repository 3