Vulnerability Details CVE-2014-2034
Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/57142
- http://www.osvdb.org/104049
- http://www.securityfocus.com/bid/65956
- http://www.sonatype.org/advisories/archive/2014-03-03-Nexus
- https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API
- http://secunia.com/advisories/57142
- http://www.osvdb.org/104049
- http://www.securityfocus.com/bid/65956
- http://www.sonatype.org/advisories/archive/2014-03-03-Nexus
- https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API
Products affected by CVE-2014-2034
-
cpe:2.3:a:sonatype:nexus:2.4.0
-
cpe:2.3:a:sonatype:nexus:2.5.0
-
cpe:2.3:a:sonatype:nexus:2.6.0
-
cpe:2.3:a:sonatype:nexus:2.6.1
-
cpe:2.3:a:sonatype:nexus:2.6.2
-
cpe:2.3:a:sonatype:nexus:2.6.3
-
cpe:2.3:a:sonatype:nexus:2.6.4
-
cpe:2.3:a:sonatype:nexus:2.6.5
-
cpe:2.3:a:sonatype:nexus:2.7.0
-
cpe:2.3:a:sonatype:nexus:2.7.1