Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0.
CPE | Name | Operator | Version |
---|---|---|---|
nexus_repository_manager | ge | 3.0.0 | |
nexus_repository_manager | lt | 3.29.0 |