Sonatype Nexus product security update advisory

May 24 2024

Overview

An update has been released to address vulnerabilities in the Sonatype Nexus product. Users of affected versions are advised to update to the latest version.

Affected Products

Sonatype Nexus Repository 3.x OSS/Pro 3.68.0 or below

Resolved Vulnerabilities

Vulnerability in Sonatype Nexus Repository 3 due to path traversal that could allow unauthenticated attackers to read system files (CVE-2024-4956)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

Sonatype Nexus Repository OSS/Pro version 3.68.1

Referenced Sites

[1] CVE-2024-4956 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-4956

[2] CVE-2024-4956 Nexus Repository 3 – Path Traversal – 2024-05-16

https://support.sonatype.com/hc/en-us/articles/29416509323923-CVE-2024-4956-Nexus-Repository-3-Path-Traversal-2024-05-16

Sonatype Nexus product security update advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Google Chrome Browser (125.0.6422.76/.77) Security Update Advisory

GitLab Product Security Update Advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

Google Chrome Browser (125.0.6422.76/.77) Security Update Advisory

GitLab Product Security Update Advisory