Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-7839

Security Vulnerability: Directory Traversal

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.7, 1.8, 1.9.2.4, 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 2.10, 2.11
    • Fix Version/s: 2.11.1
    • Component/s: Repository
    • Labels:

      Description

      All versions prior to Nexus 2.11.1-01 are affected.

      A severe security vulnerability has been discovered in Nexus requiring immediate action.

      The identified vulnerabilities can allow an attacker to perform directory traversal to read/write sensitive data files. We are highly recommending all instances of Nexus that are running affected versions to upgrade to Nexus 2.11.1-01 or greater.

      This vulnerability was identified by an external researcher and has been verified by our security team. We are not aware of any active exploits taking advantage of this issue. We strongly encourage all users of Nexus to immediately take the steps outlined in the official advisory.

      Please refer to the official advisory for more information.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Peter Lynch Peter Lynch
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  tigCommentSecurity.panel-title