Description
Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.sonatype.org/advisories/archive/2014-12-23-Nexus/
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61134
Patch, Vendor Advisory x_refsource_confirm
https://support.sonatype.com/entries/84705937-CVE-2014-9389-Nexus-Security-Advisory-Directory-Traversal
Scores
EPSS
0.0190
EPSS Percentile
77.1%
Details
CWE
CWE-22
Status
published
Products (1)
sonatype/nexus
< 2.11.0 (2 CPE variants)
Published
Jan 05, 2015
Tracked Since
Feb 18, 2026