CVE-2021-30635

CVE-2021-30635 affects Sonatype Nexus Repository Manager 3.x prior to 3.30.1. The vulnerability is a directory traversal issue that allows a remote attacker to enumerate files and directories in a UI-related folder; no customer-specific data is exposed. Impact is limited to information disclosure...

CVE-2021-30635

Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal no customer-specific data is exposed...

Unspecified Vulnerability in Sonatype Nexus Repository Manager IQ

Sonatype Nexus Repository Manager IQ is a Sonatype open source application. The policy management and component intelligence features for IQ Server are integrated with the agent repository in Nexus Repository Manager Pro. A security vulnerability exists in Sonatype Nexus Repository Manager IQ. An...

Sonatype Nexus Repository Manager Pro Incorrect Access Control Vulnerability

Nexus Repository Manager is a repository manager from Sonatype that lets you proxy, collect, and manage your dependencies so you don't have to deal with a series of JARs as often, allowing you to distribute your software with ease.OSS is the open-source, free version, and Pro is the professional,...

CVE-2021-29158

Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control...

CVE-2021-29158

Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control...

CVE-2021-29158

The connected sources describe CVE-2021-29158 as an Incorrect Access Control issue in Sonatype Nexus Repository Manager Pro up to and including 3.30.0 . The vulnerability reportedly allows an attacker to obtain sensitive information (per CNVD/PRION/Red Hat entries). No technical exploit details, ...

Sonatype Nexus Repository Manager IQ 路径遍历漏洞

Sonatype Nexus Repository Manager IQ is a Sonatype open source application. The policy management and component intelligence features for IQ Server are integrated with the agent repository in Nexus Repository Manager Pro. A security vulnerability exists in Sonatype Nexus Repository Manager IQ. An...

Sonatype Nexus Repository Manager 安全漏洞

Nexus Repository Manager is a repository manager from Sonatype that lets you proxy, collect, and manage your dependencies so you don't have to deal with a series of JARs as often, allowing you to distribute your software with ease.OSS is the open-source, free version, and Pro is the professional,...

Sonatype Nexus Repository Manager 跨站脚本漏洞

Sonatype Nexus Repository Manager NXRM is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A cross-site scripting vulnerability exists in Nexus Repository Manager version 3.x prior to 3.30.1, which can be exploited by an attacker...

Exploit for OS Command Injection in Sonatype Nexus_Repository_Manager

CVE-2019-5475 CVE-2019-5475 与 CVE-2019-15588 靶场: RCE 命令注入漏洞 ------ 0x00 背景 CVE-2019-5475 是 Nexus 关于内置插件 Yum Repository 的 RCE 命令注入漏洞，其最早被披露于 hackerone，但因官方第一次修复不完整，故又衍生出了 CVE-2019-15588 漏洞。 这两个漏洞都需要以 admin 身份登录后才可以利用，但是 nexus 默认管理员密码 admin123 经常被忽略修改，很容易就被利用了。 0x10 靶场环境 0x20 目录结构 CVE-2019-5475 ├──...

CVE-2020-29436

Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0...

CVE-2020-29436

Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0...

Design/Logic Flaw

Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0...

Sonatype Nexus Repository Manager External Entity Injection Vulnerability

Sonatype Nexus Repository Manager NXRM is a Maven repository manager from Sonatype USA. An external entity injection vulnerability exists in the Sonatype Nexus Repository Manager product, which allows an attacker with Nexus Repository Manager administrator privileges to configure the system in su...

Sonatype Nexus Repository Manager 代码问题漏洞

Sonatype Nexus Repository Manager NXRM is a Maven repository manager from Sonatype USA. An external entity injection vulnerability exists in the Sonatype Nexus Repository Manager product, which allows an attacker with Nexus Repository Manager administrator privileges to configure the system in su...

CVE-2020-15012

A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk that the user running nxrm also has access to...

CVE-2020-15012

A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk that the user running nxrm also has access to...

CVE-2020-15012

Sonatype Nexus Repository Manager 2.x (pre-2.14.19) is affected by a Directory Traversal vulnerability. A crafted path can cause FS traversal to read content on disk to which the Nexus process user has access. Root cause is path traversal in requests; impact is exposure of local content. No expli...

Sonatype Nexus Repository Manager Unauthorized Access Vulnerability

Sonatype Nexus Repository Manager NXRM is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A security vulnerability exists in Sonatype NXRM OSS/Pro versions prior to 3.26.0. An attacker could exploit the vulnerability to access...