First published: Mon Jul 08 2019
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sonatype Nexus Repository Manager | <3.17.0 | |
CVE-2019-9629 is a vulnerability in Sonatype Nexus Repository Manager before version 3.17.0 that establishes a default administrator user with weak credentials.
CVE-2019-9629 has a severity rating of 9.8 (Critical).
CVE-2019-9629 affects Sonatype Nexus Repository Manager versions up to, but excluding, 3.17.0.
CVE-2019-9629 is associated with CWE-287 (Improper Authentication).
You can find more information about CVE-2019-9629 at the following link: [https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed/](https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed/)