
412 matches found

CNNVD
added 2021/10/27 12:00 a.m. | 3 views

Sonatype Nexus Repository Manager information disclosure vulnerability

Sonatype Nexus Repository Manager (NXRM) is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. An information disclosure vulnerability exists in Sonatype Nexus Repository Manager, which can be exploited by an attacker to bypass acces...

CVSS 4.3 | AI score 5.3 | EPSS 0.00456
Exploits: 0 | References: 5
NCSC
added 2021/10/04 12:00 a.m. | 7 views

Vulnerability fixed in Sonatype Nexus

Sonatype has fixed a vulnerability in Nexus Repository. An unauthenticated malicious party could potentially gain access to sensitive information via an HTTP header injection. Sonatype has released little further substantive information. Sonatype...

CVSS 8.2 | AI score 6.6 | EPSS 0.02322
Exploits: 0
OSV
added 2021/09/08 5:42 p.m. | 53 views

GHSA-F34X-8PF6-QC9C HTTP header injection in Sonatype Nexus Repository

Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance...

CVSS 8.2 | AI score 8.2 | EPSS 0.02322
Exploits: 0 | References: 5
vulnersOsv
added 2021/09/08 5:42 p.m. | 6 views

org.sonatype.nexus.assemblies:nexus-base-template (>=3.10.0-04 <=3.33.1-01), org.sonatype.nexus.assemblies:nexus-core-feature (>=3.0.0-03 <=3.33.1-01) +37 more potentially affected by CVE-2021-40143 via org.sonatype.nexus:nexus-repository (>=3.0.0-03 <=3.33.1-01)

org.sonatype.nexus:nexus-repository MAVEN version =3.0.0-03, =3.10.0-04, =3.0.0-03, =3.10.0-04, =3.10.0-04, =0.0.1, =3.17.0-01, =0.0.2, =0.0.2, =3.19.0-01, =0.0.3, =1.0.0, =0.0.4, =0.0.2, =3.17.0-01, =0.0.13, =1.0.10 and more Source cves: CVE-2021-40143 Source advisory: OSV:GHSA-F34X-8P...

CVSS 8.2 | AI score 7.2 | EPSS 0.02322
Exploits: 0
NVD
added 2021/09/07 8:15 p.m. | 14 views

CVE-2021-40143

Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance...

CVSS 8.2 | EPSS 0.02322
Exploits: 0 | References: 2
Prion
added 2021/09/07 8:15 p.m. | 23 views

Design/Logic Flaw

Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance...

CVSS 6.4 | AI score 8 | EPSS 0.02322
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2021/09/07 7:28 p.m. | 83 views

CVE-2021-40143

Summary: CVE-2021-40143 affects Sonatype Nexus Repository 3.x up to 3.33.1-01 and is caused by an HTTP header injection vulnerability. An attacker can craft requests that may disclose sensitive information or cause the server to fetch external resources. Exploitation details are not provided in t...

CVSS 8.2 | AI score 8.1 | EPSS 0.02322
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/09/07 7:28 p.m. | 15 views

CVE-2021-40143

Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance...

AI score 8.4 | EPSS 0.02322
Exploits: 0 | References: 2
CNNVD
added 2021/09/02 12:00 a.m. | 7 views

Sonatype Nexus Repository injection vulnerability

Sonatype Nexus Repository is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A security vulnerability exists in Sonatype Nexus Repository, which originates. An attacker can exploit the vulnerability to add new headers to Sonatyp...

CVSS 8.2 | AI score 7.8 | EPSS 0.02322
Exploits: 0 | References: 4
NVD
added 2021/08/10 2:15 p.m. | 20 views

CVE-2021-37152

Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications...

CVSS 5.4 | EPSS 0.24389
Exploits: 0 | References: 2
OSV
added 2021/08/10 2:15 p.m. | 17 views

CVE-2021-37152

Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications...

CVSS 5.4 | AI score 5.8
Exploits: 0 | References: 2
Cvelist
added 2021/08/10 1:25 p.m. | 26 views

CVE-2021-37152

Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications...

AI score 5.4 | EPSS 0.24389
Exploits: 0 | References: 2
CVE
added 2021/08/10 1:25 p.m. | 53 views

CVE-2021-37152

CVE-2021-37152 affects Sonatype Nexus Repository Manager 3.x prior to 3.33.0. An authenticated attacker who can add HTML files to a repository could cause cross-site scripting by redirecting users to Nexus pages with modified code. Root cause: improper handling/delivery of HTML content uploaded t...

CVSS 5.4 | AI score 5.1 | EPSS 0.24389
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2021/08/09 12:00 a.m. | 4 views

Sonatype Nexus Repository Manager cross-site scripting vulnerability

Sonatype Nexus Repository Manager (NXRM) is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. Sonatype Nexus Repository Manager suffers from a cross-site scripting vulnerability that stems from the ability to run JavaScript code in...

CVSS 5.4 | AI score 5.7 | EPSS 0.24389
Exploits: 0 | References: 4
NVD
added 2021/06/18 12:15 a.m. | 18 views

CVE-2021-34553

Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file via a GET request without having been granted access...

CVSS 4.3 | EPSS 0.03675
Exploits: 0 | References: 1
Prion
added 2021/06/18 12:15 a.m. | 14 views

Design/Logic Flaw

Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file via a GET request without having been granted access...

CVSS 4 | AI score 4.5 | EPSS 0.03675
Exploits: 0 | References: 1 | Affected Software: 1
NCSC
added 2021/06/18 12:00 a.m. | 4 views

Vulnerability fixed in Sonatype Nexus

Sonatype has fixed a vulnerability in Nexus Repository 3. An authenticated malicious person could exploit the vulnerability to gain access to sensitive information. Sonatype has released updates to fix the vulnerability in Nexus Repository 3.31.0. For more information, see:...

CVSS 4.3 | AI score 6.7 | EPSS 0.03675
Exploits: 0
Cvelist
added 2021/06/17 11:41 p.m. | 20 views

CVE-2021-34553

Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file via a GET request without having been granted access...

AI score 4.7 | EPSS 0.03675
Exploits: 0 | References: 1
CVE
added 2021/06/17 11:41 p.m. | 76 views

CVE-2021-34553

Sonatype Nexus Repository Manager 3.x before 3.31.0 is vulnerable: remote authenticated attackers can enumerate blob files and read blob contents via GET without proper access. Affected software is Nexus Repository Manager 3.x prior to 3.31.0; remediation is to upgrade to 3.31.0 or later (per Red...

CVSS 4.3 | AI score 4.3 | EPSS 0.03675
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2021/06/17 12:00 a.m. | 3 views

Sonatype Nexus Repository Manager path traversal vulnerability

Sonatype Nexus Repository Manager (NXRM) is a repository manager from Sonatype, Inc. that is used for managing, storing, and distributing software, among other things. A path traversal vulnerability in Sonatype Nexus Repository Manager version 3.x prior to 3.31.0 allows remote authenticated attacke...

CVSS 4.3 | AI score 5.2 | EPSS 0.03675
Exploits: 0 | References: 3