An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default (making this not exploitable).
CPE | Name | Operator | Version |
---|---|---|---|
nexus_repository_manager_3 | eq | 3.22.0 | |
nexus_repository_manager_3 | eq | 3.21.1 |