漏洞描述
Nexus 的全称是 Nexus Repository Manager(Nexus 仓库管理器),是 Sonatype 公司的一个产品。Nexus 是一个强大的仓库管理器,极大地简化了内部仓库的维护和外部仓库的访问。Nexus 分为开源版和专业版,其中开源版足以满足大部分 Maven 用户的需求。攻击者可以通过此漏洞查看源代码,进而分析系统漏洞。
Sonatype Nexus 未授权访问漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2009-4679: Joomla! Portfolio Nexus - Remote File Inclusion
- POC CVE-2019-7238: Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution
- POC CVE-2020-10199: Sonatype Nexus Repository Manager 3 - Remote Code Execution
- POC CVE-2020-24571: NexusDB <4.50.23 - Local File Inclusion
- POC CVE-2022-46888: NexusPHP <1.7.33 - Cross-Site Scripting
- POC CVE-2024-4956: Sonatype Nexus Repository Manager 3 - Local File Inclusion
- POC CVE-2024-5082: Nexus Repository 2 - Remote Code Execution
- POC CVE-2020-10199: Nexus Repository before 3.21.2 allows JavaEL Injection
- POC CVE-2020-10204: Nexus Repository before 3.21.2 Remote Code Execution
- POC CVE-2020-24571: NexusDB v4.50.22 Path Traversal
- POC CVE-2024-4956: Nexus Repository Manager 文件读取漏洞
- POC nexus-default-password: Nexus Default Password
- POC nexus-default-login: Nexus Default Login