Note: This project will be discontinued after December 13, 2021.
Product: Nexus_repository_manager (Sonatype)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 27 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-03-17 | CVE-2021-43961 | Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. | Nexus_repository_manager | 4.3 | ||
2022-03-30 | CVE-2022-27907 | Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. | Nexus_repository_manager | 4.3 | ||
2021-11-02 | CVE-2021-42568 | Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account. | Nexus_repository_manager | 4.3 | ||
2021-11-04 | CVE-2021-43293 | Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). | Nexus_repository_manager | 4.3 | ||
2021-08-10 | CVE-2021-37152 | Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications. | Nexus_repository_manager | 5.4 | ||
2020-08-12 | CVE-2020-15868 | Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control. | Nexus_repository_manager | 7.5 | ||
2021-06-18 | CVE-2021-34553 | Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access. | Nexus_repository_manager | 4.3 | ||
2021-04-28 | CVE-2021-29159 | A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application. | Nexus_repository_manager | 6.1 | ||
2021-04-27 | CVE-2021-30635 | Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed). | Nexus_repository_manager | 5.3 | ||
2018-11-15 | CVE-2018-16621 | Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection. | Nexus_repository_manager | 7.2 | ||