CVE-2024-4956 — Nexus Repository 3 Path Traversal (no login needed)
TL;DR What: An unauthenticated path traversal in Sonatype Nexus Repository 3 lets anyone craft a URL that makes Nexus return any file on the server—even outside the app folder. No login required. Fixed in 3.68.1. Affected: All Nexus Repository 3.x ...
Sep 14, 20254 min read15
