CVE-2022-27907
Description
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows server-side request forgery (SSRF).
Vulnerability
Sonatype Nexus Repository Manager versions 3.x prior to 3.38.0 are vulnerable to server-side request forgery (SSRF). The exact component and conditions required to trigger the vulnerability are not detailed in the available references.
Exploitation
An attacker with network access to the Nexus Repository Manager instance could potentially exploit this SSRF vulnerability. Specific exploitation steps or prerequisites (such as authentication or user interaction) are not disclosed in the available references.
Impact
Successful exploitation could allow an attacker to make unauthorized requests to internal network resources, potentially leading to information disclosure or further compromise of the internal infrastructure.
Mitigation
The vulnerability is fixed in Sonatype Nexus Repository Manager version 3.38.0. Users should upgrade to this version or later. No workarounds are documented in the available references.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <3.38.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- sonatype.commitrex_refsource_MISC
- support.sonatype.com/hc/en-us/articles/5011047953555mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.