Vulnerabilities > CVE-2014-2034 - Security Bypass vulnerability in Sonatype Nexus
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 19 |
Seebug
| bulletinFamily | exploit |
| description | Bugtraq ID:65956 CVE ID:CVE-2014-2034 Sonatype Nexus是一款功能强大的仓库管理器。 Sonatype Nexus存在未明错误,允许远程恶意用户绕过安全限制,访问受限功能,如创建管理员账户。 0 Sonatype Nexus 2.4.0 - 2.7.1 厂商补丁: Sonatype ----- Sonatype Nexus 2.7.2已经修复该漏洞,建议用户下载更新: http://www.sonatype.org |
| id | SSV:61700 |
| last seen | 2017-11-19 |
| modified | 2014-03-07 |
| published | 2014-03-07 |
| reporter | Root |
| title | Sonatype Nexus安全绕过漏洞 |