CVE-2021-34553

2021-06-1800:15:07

Google

osv.dev

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.8%

JSON

Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.

CPENameOperatorVersion
nexus-publiceqrelease-3.22.1-02
nexus-publiceqrelease-3.21.0-05
nexus-publiceqrelease-3.4.0-02
nexus-publiceqrelease-3.5.0-02
nexus-publiceqrelease-3.27.0-03
nexus-publiceqrelease-3.28.1-01
nexus-publiceqrelease-3.30.0-01
nexus-publiceqrelease-3.25.1-02
nexus-publiceqrelease-3.20.0-04
nexus-publiceqrelease-3.29.1-01

Name	Operator	Version
nexus-public	eq	release-3.22.1-02
nexus-public	eq	release-3.21.0-05
nexus-public	eq	release-3.4.0-02
nexus-public	eq	release-3.5.0-02
nexus-public	eq	release-3.27.0-03
nexus-public	eq	release-3.28.1-01
nexus-public	eq	release-3.30.0-01
nexus-public	eq	release-3.25.1-02
nexus-public	eq	release-3.20.0-04
nexus-public	eq	release-3.29.1-01