412 matches found
Sonatype Nexus Repository Manager 信息泄露漏洞
Sonatype Nexus Repository Manager NXRM is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. An information disclosure vulnerability exists in Sonatype Nexus Repository Manager, which can be exploited by an attacker to bypass acces...
Vulnerability fixed in Sonatype Nexus
Sonatype has fixed a vulnerability in Nexus Repository. A unauthenticated malicious party could potentially gain access to sensitive information via an HTTP header injection to potentially gain access to sensitive information. Sonatype has released little further substantive information. Sonatype...
GHSA-F34X-8PF6-QC9C HTTP header injection in Sonatype Nexus Repository
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance...
org.sonatype.nexus.assemblies:nexus-base-template (>=3.10.0-04 <=3.33.1-01), org.sonatype.nexus.assemblies:nexus-core-feature (>=3.0.0-03 <=3.33.1-01) +37 more potentially affected by CVE-2021-40143 via org.sonatype.nexus:nexus-repository (>=3.0.0-03 <=3.33.1-01)
org.sonatype.nexus:nexus-repository MAVEN version =3.0.0-03, =3.10.0-04, =3.0.0-03, =3.10.0-04, =3.10.0-04, =0.0.1, =3.17.0-01, =0.0.2, =0.0.2, =3.19.0-01, =0.0.3, =1.0.0, =0.0.4, =0.0.2, =3.17.0-01, =0.0.13, =1.0.10 and more Source cves: CVE-2021-40143 Source advisory: OSV:GHSA-F34X-8P...
CVE-2021-40143
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance...
Design/Logic Flaw
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance...
CVE-2021-40143
Summary: CVE-2021-40143 affects Sonatype Nexus Repository 3.x up to 3.33.1-01 and is caused by an HTTP header injection vulnerability. An attacker can craft requests that may disclose sensitive information or cause the server to fetch external resources. Exploitation details are not provided in t...
CVE-2021-40143
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance...
Sonatype Nexus Repository 注入漏洞
Sonatype Nexus Repository is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A security vulnerability exists in Sonatype Nexus Repository, which originates. An attacker can exploit the vulnerability to add new headers to Sonatyp...
CVE-2021-37152
Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications...
CVE-2021-37152
Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications...
CVE-2021-37152
Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications...
CVE-2021-37152
CVE-2021-37152 affects Sonatype Nexus Repository Manager 3.x prior to 3.33.0. An authenticated attacker who can add HTML files to a repository could cause cross-site scripting by redirecting users to Nexus pages with modified code. Root cause: improper handling/delivery of HTML content uploaded t...
Sonatype Nexus Repository Manager 跨站脚本漏洞
Sonatype Nexus Repository Manager NXRM is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. Sonatype Nexus Repository Manager suffers from a cross-site scripting vulnerability that stems from the ability to run JavaScript code in...
CVE-2021-34553
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file via a GET request without having been granted access...
Design/Logic Flaw
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file via a GET request without having been granted access...
Vulnerability fixed in Sonatype Nexus
Sonatype has fixed a vulnerability in Nexus Repository 3. An authenticated malicious person could exploit the vulnerability to gain access to sensitive information. Sonatype has released updates to fix the vulnerability in Nexus Repository 3.31.0. For more information, see:...
CVE-2021-34553
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file via a GET request without having been granted access...
CVE-2021-34553
Sonatype Nexus Repository Manager 3.x before 3.31.0 is vulnerable: remote authenticated attackers can enumerate blob files and read blob contents via GET without proper access. Affected software is Nexus Repository Manager 3.x prior to 3.31.0; remediation is to upgrade to 3.31.0 or later (per Red...
Sonatype Nexus Repository Manager 路径遍历漏洞
Sonatype Nexus Repository Manager NXRM is a repository manager from Sonatype, Inc. that is used for managing, storing, and distributing software, among other things. A path traversal vulnerability in Sonatype Nexus Repository Manager version 3.x prior to 3.31.0 allows remote authenticated attacke...