Nexus Repository Manager OSS/Pro
by Sonatype
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11444 | 0.05 | — | 0.59 | Apr 2, 2020 | Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control. | |||
| CVE-2022-27907 | 0.00 | — | 0.00 | Mar 30, 2022 | Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. | |||
| CVE-2021-43961 | 0.00 | — | 0.00 | Mar 17, 2022 | Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. | |||
| CVE-2021-43293 | 0.00 | — | 0.00 | Nov 4, 2021 | Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). | |||
| CVE-2021-42568 | 0.00 | — | 0.00 | Nov 2, 2021 | Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account. | |||
| CVE-2021-37152 | 0.00 | — | 0.03 | Aug 10, 2021 | Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications. | |||
| CVE-2021-34553 | 0.00 | — | 0.01 | Jun 17, 2021 | Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access. | |||
| CVE-2021-29159 | 0.00 | — | 0.00 | Apr 28, 2021 | A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of… | |||
| CVE-2021-30635 | 0.00 | — | 0.00 | Apr 27, 2021 | Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed). | |||
| CVE-2021-29158 | 0.00 | — | 0.00 | Apr 23, 2021 | Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control. | |||
| CVE-2020-15012 | 0.00 | — | 0.01 | Oct 12, 2020 | A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk (that the user running nxrm also has access to). | |||
| CVE-2020-15871 | 0.00 | — | 0.01 | Jul 31, 2020 | Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution. | |||
| CVE-2020-15869 | 0.00 | — | 0.00 | Jul 31, 2020 | Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2). | |||
| CVE-2020-11415 | 0.00 | — | 0.00 | Apr 27, 2020 | An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext. | |||
| CVE-2020-11753 | 0.00 | — | 0.01 | Apr 20, 2020 | An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default… |
- CVE-2020-11444Apr 2, 2020risk 0.05cvss —epss 0.59
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.
- CVE-2022-27907Mar 30, 2022risk 0.00cvss —epss 0.00
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.
- CVE-2021-43961Mar 17, 2022risk 0.00cvss —epss 0.00
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
- CVE-2021-43293Nov 4, 2021risk 0.00cvss —epss 0.00
Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).
- CVE-2021-42568Nov 2, 2021risk 0.00cvss —epss 0.00
Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.
- CVE-2021-37152Aug 10, 2021risk 0.00cvss —epss 0.03
Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications.
- CVE-2021-34553Jun 17, 2021risk 0.00cvss —epss 0.01
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.
- CVE-2021-29159Apr 28, 2021risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of…
- CVE-2021-30635Apr 27, 2021risk 0.00cvss —epss 0.00
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed).
- CVE-2021-29158Apr 23, 2021risk 0.00cvss —epss 0.00
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.
- CVE-2020-15012Oct 12, 2020risk 0.00cvss —epss 0.01
A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk (that the user running nxrm also has access to).
- CVE-2020-15871Jul 31, 2020risk 0.00cvss —epss 0.01
Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution.
- CVE-2020-15869Jul 31, 2020risk 0.00cvss —epss 0.00
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2).
- CVE-2020-11415Apr 27, 2020risk 0.00cvss —epss 0.00
An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext.
- CVE-2020-11753Apr 20, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default…