Severity by source
AV:N/AC:L/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path."
AnalysisAI
Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path." Affected products include: Sonatype Nexus. Version information: through 2.7.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). Rated high severity (CVSS 8.8), this vul
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control. Rated high severity (CVSS
Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code v
Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or writ
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. Rated medium severity (CVSS 4.9),
Sonatype Nexus Repository before 3.21.2 allows XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exp
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today