Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Unknown

CVE-2021-40143

Disclosure Date: September 07, 2021 (last updated November 28, 2024)
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-29158

Disclosure Date: April 23, 2021 (last updated November 28, 2024)
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-15870

Disclosure Date: July 31, 2020 (last updated February 21, 2025)
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2).
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-15871

Disclosure Date: July 31, 2020 (last updated November 28, 2024)
Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-15869

Disclosure Date: July 31, 2020 (last updated February 21, 2025)
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2).
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-11753

Disclosure Date: April 20, 2020 (last updated February 21, 2025)
An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default (making this not exploitable).
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0