Lucene search

[email protected]CVE-2020-29436

HistoryDec 17, 2020 - 2:15 a.m.

CVE-2020-29436

2020-12-1702:15:12

CWE-611

[email protected]

web.nvd.nist.gov

cve-2020-29436

sonatype nexus

xxe vulnerability

content access

admin privileges

security vulnerability

nvd

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

28.6%

JSON

Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0.

Affected configurations

NVD

Node

sonatypenexus_repository_managerRange3.0.0–3.29.0

CPENameOperatorVersion
sonatype:nexus_repository_managersonatype nexus repository managerlt3.29.0

CPE	Name	Operator	Version
sonatype:nexus_repository_manager	sonatype nexus repository manager	lt	3.29.0

References

support.sonatype.com/hc/en-us/articles/1500000415082-CVE-2020-29436-Nexus-Repository-Manager-3-XML-External-Entities-injection-2020-12-15

Social References

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

28.6%

JSON

Related for CVE-2020-29436

cvelist1 prion1 osv1 nvd1