Latest Sonatype Nexus Repository Manager Vulnerabilities

Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.
  Affected: Sonatype Nexus Repository Manager >= 3.0.0, < 3.38.0

Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
  Affected: Sonatype Nexus Repository Manager >= 3.0.0, < 3.38.0

Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).
  Affected: Sonatype Nexus Repository Manager >= 3.0.0, <= 3.35.0

Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.
  Affected: Sonatype Nexus Repository Manager >= 3.0.0, <= 3.35.0

Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been grant...
  Affected: Sonatype Nexus Repository Manager >= 3.0.0, < 3.31.0

A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when vi...
  Affected: Sonatype Nexus Repository Manager >= 3.23.0, < 3.30.1

Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data...
  Affected: Sonatype Nexus Repository Manager >= 3.0, < 3.30.1

Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.2...
  Affected: Sonatype Nexus Repository Manager >= 3.0.0, < 3.29.0

A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk...
  Affected: Sonatype Nexus Repository Manager >= 2.0, < 2.14.19

Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control.
  Affected: Sonatype Nexus Repository Manager < 3.26.0

An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in clea...
  Affected: Sonatype Nexus Repository Manager >= 2.0, < 2.14.17
  Affected: Sonatype Nexus Repository Manager >= 3.0, < 3.22.1

There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java ...
  Affected: Sonatype Nexus Repository Manager <= 2.14.14

Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution.
  Affected: Sonatype Nexus Repository Manager < 2.14.15

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
  Affected: Sonatype Nexus Repository Manager >= 2.0, <= 2.14.9-01

In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.
  Affected: Sonatype Nexus Repository Manager >= 3.14.0, <= 3.17.0

Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
  Affected: Sonatype Nexus Repository Manager < 3.17.0

Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS.
  Affected: Sonatype Nexus Repository Manager >= 2.0.0, < 2.14.13

Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability
  Affected: Sonatype Nexus < 3.15.0

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
  Affected: Sonatype Nexus Repository Manager < 3.14.0

Sonatype Nexus Repository Manager before 3.14 allows XSS.
  Affected: Sonatype Nexus Repository Manager < 3.14.0

Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.
  Affected: Sonatype Nexus Repository Manager < 3.14.0

Sonatype Nexus Repository Manager versions 3.x before 3.12.0 have XSS in multiple areas in the Administration UI.
  Affected: Sonatype Nexus Repository Manager >= 3.3.0, < 3.12.0

© 2024 SecAlerts Pty Ltd.