CVE-2024-4956 — Nexus Repository 3 Path Traversal (no login needed)

Sep 14, 2025 · 4 min read · TL;DR What: An unauthenticated path traversal in Sonatype Nexus Repository 3 lets anyone craft a URL that makes Nexus return any file on the server—even outside the app folder. No login required. Fixed in 3.68.1. Affected: All Nexus Repository 3.x ...