RSS   Vulnerabilities for 'Nexus repository manager 3'   RSS

2021-09-07
 
CVE-2021-40143

CWE-74
 

 
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.

 
2020-04-20
 
CVE-2020-11753

CWE-863
 

 
An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default (making this not exploitable).

 

 >>> Vendor: Sonatype 3 Products
Nexus
Nexus repository manager
Nexus repository manager 3


Copyright 2024, cxsecurity.com

 

Back to Top