RSS   Podatności dla 'Nexus repository manager'   RSS

2021-11-04
 
CVE-2021-43293

CWE-918
 

 
Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).

 
2021-11-02
 
CVE-2021-42568

CWE-200
 

 
Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.

 
2021-08-10
 
CVE-2021-37152

CWE-79
 

 

 
2021-06-18
 
CVE-2021-34553

CWE-22
 

 
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.

 
2021-04-28
 
CVE-2021-29159

CWE-79
 

 
A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application.

 
2021-04-27
 
CVE-2021-30635

CWE-22
 

 
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed).

 
2020-12-17
 
CVE-2020-29436

CWE-611
 

 
Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0.

 
2020-08-12
 
CVE-2020-15868

CWE-863
 

 
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control.

 
2020-04-27
 
CVE-2020-11415

CWE-312
 

 
An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext.

 
2019-09-03
 
CVE-2019-5475

CWE-78
 

 
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.

 


Copyright 2021, cxsecurity.com

 

Back to Top