Vulnerabilities for 'Nexus repository manager'

2022-03-30
 
CVE-2022-27907

CWE-918
 

 
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.

 
2022-03-17
 
CVE-2021-43961

CWE-74
 

 
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.

 
2021-11-04
 
CVE-2021-43293

CWE-918
 

 
Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).

 
2021-11-02
 
CVE-2021-42568

CWE-200
 

 
Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.

 
2021-08-10
 
CVE-2021-37152

CWE-79
 

 
Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager's pages with code modifications.

 
2021-06-18
 
CVE-2021-34553

CWE-22
 

 
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.

 
2021-04-28
 
CVE-2021-29159

CWE-79
 

 
A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application.

 
2021-04-27
 
CVE-2021-30635

CWE-22
 

 
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed).

 
2020-12-17
 
CVE-2020-29436

CWE-611
 

 
Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0.

 
2020-08-12
 
CVE-2020-15868

CWE-863
 

 
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control.

 


Copyright 2024, cxsecurity.com

 
