Vulnerability in Sonatype Nexus Repository

CVE-2024-5764

Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tok…

EPSS: 0.034 (87.7th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-5764?
CVE-2024-5764 is a vulnerability in Sonatype Nexus Repository, classified under Use of Hard-coded Credentials. It was published on 2024-10-23.

Is CVE-2024-5764 known to be exploited?
3 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.