CVE-2021-34553
Description
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated users can list and read blob files in Sonatype Nexus Repository 3.x before 3.31.0 without proper authorization.
Vulnerability
Sonatype Nexus Repository Manager 3.x versions up to and including 3.30.1 contain an information disclosure vulnerability [1]. A remote authenticated attacker can list blob files and read their content via a crafted GET request, bypassing access controls. The issue is present in all versions before 3.31.0.
Exploitation
An attacker must have an active account with at least reading privileges on the Nexus Repository instance [1]. With that access, they can send a malicious GET request to enumerate blob files and retrieve their contents without being granted explicit access to those blobs. No additional user interaction or special network position is required beyond authentication.
Impact
Successful exploitation allows the attacker to list blob files and read their contents, leading to unauthorized information disclosure [1]. The CVSS v3.1 base score is 4.3 (medium), with low impact on confidentiality and no impact on integrity or availability.
Mitigation
The vulnerability is fixed in Nexus Repository 3 version 3.31.0 and later [1]. Users should upgrade to 3.31.0 or later immediately. No workarounds are provided in the advisory. The issue is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Sonatype / Nexus Repository Manager
  - Range: <3.31.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
[1] support.sonatype.com/hc/en-us/articles/4402433828371 (MITRE, x_refsource_CONFIRM)
News mentions
No linked articles in our index yet.