Vulnerabilities > CVE-2014-2034 - Unspecified vulnerability in Sonatype Nexus
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 19 |
Seebug
| bulletinFamily | exploit |
| description | Bugtraq ID:65956 CVE ID:CVE-2014-2034 Sonatype Nexus是一款功能强大的仓库管理器。 Sonatype Nexus存在未明错误,允许远程恶意用户绕过安全限制,访问受限功能,如创建管理员账户。 0 Sonatype Nexus 2.4.0 - 2.7.1 厂商补丁: Sonatype ----- Sonatype Nexus 2.7.2已经修复该漏洞,建议用户下载更新: http://www.sonatype.org |
| id | SSV:61700 |
| last seen | 2017-11-19 |
| modified | 2014-03-07 |
| published | 2014-03-07 |
| reporter | Root |
| title | Sonatype Nexus安全绕过漏洞 |