Lucene search
K

412 matches found

Gitee
Gitee
added 2021/01/24 10:47 a.m.3 views

Exploit for OS Command Injection in Sonatype Nexus_Repository_Manager

CVE-2019-5475 CVE-2019-5475 与 CVE-2019-15588 靶场: RCE 命令注入漏洞 ------ 0x00 背景 CVE-2019-5475 是 Nexus 关于内置插件 Yum Repository 的 RCE 命令注入漏洞,其最早被披露于 hackerone,但因官方第一次修复不完整,故又衍生出了 CVE-2019-15588 漏洞。 这两个漏洞都需要以 admin 身份登录后才可以利用,但是 nexus 默认管理员密码 admin123 经常被忽略修改,很容易就被利用了。 0x10 靶场环境 0x20 目录结构 CVE-2019-5475 ├──...

9CVSS7.9AI score0.18396EPSS
Exploits5
NVD
NVD
added 2020/12/17 2:15 a.m.18 views

CVE-2020-29436

Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0...

6.5CVSS6.6AI score0.01441EPSS
Exploits0References1
OSV
OSV
added 2020/12/17 2:15 a.m.23 views

CVE-2020-29436

Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0...

6.5CVSS7AI score0.01441EPSS
Exploits0References1
Prion
Prion
added 2020/12/17 2:15 a.m.25 views

Design/Logic Flaw

Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0...

5.5CVSS6.6AI score0.01441EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2020/12/17 12:0 a.m.7 views

Sonatype Nexus Repository Manager External Entity Injection Vulnerability

Sonatype Nexus Repository Manager NXRM is a Maven repository manager from Sonatype USA. An external entity injection vulnerability exists in the Sonatype Nexus Repository Manager product, which allows an attacker with Nexus Repository Manager administrator privileges to configure the system in su...

6.5CVSS7AI score0.01441EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/12/16 12:0 a.m.3 views

Sonatype Nexus Repository Manager 代码问题漏洞

Sonatype Nexus Repository Manager NXRM is a Maven repository manager from Sonatype USA. An external entity injection vulnerability exists in the Sonatype Nexus Repository Manager product, which allows an attacker with Nexus Repository Manager administrator privileges to configure the system in su...

6.5CVSS6.6AI score0.01441EPSS
Exploits0References3
Check Point Advisories
Check Point Advisories
added 2020/11/23 12:0 a.m.5 views

Sonatype Nexus Repository Stored Cross Site Scripting (CVE-2020-10203)

A cross-site scripting vulnerability exists in Sonatype Nexus Repository. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

3.5CVSS4.6AI score0.00918EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2020/11/16 12:0 a.m.6 views

Sonatype Nexus Repository Remote Code Execution (CVE-2020-10204)

A remote code execution vulnerability exists in Sonatype Nexus Repository. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS5.3AI score0.24318EPSS
Exploits3
OSV
OSV
added 2020/10/12 9:15 p.m.18 views

CVE-2020-15012

A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk that the user running nxrm also has access to...

8.6CVSS6.7AI score
Exploits0References1
Prion
Prion
added 2020/10/12 9:15 p.m.22 views

Directory traversal

A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk that the user running nxrm also has access to...

7.8CVSS8.3AI score0.0256EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/10/12 9:15 p.m.1 views

CVE-2020-15012

A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk that the user running nxrm also has access to...

8.6CVSS8AI score0.0256EPSS
Exploits0References2
CVE
CVE
added 2020/10/12 8:35 p.m.68 views

CVE-2020-15012

Sonatype Nexus Repository Manager 2.x (pre-2.14.19) is affected by a Directory Traversal vulnerability. A crafted path can cause FS traversal to read content on disk to which the Nexus process user has access. Root cause is path traversal in requests; impact is exposure of local content. No expli...

8.6CVSS8.3AI score0.0256EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2020/09/02 12:0 a.m.7 views

Sonatype Nexus Repository Information Disclosure Vulnerability

Sonatype Nexus Repository is a repository manager from Sonatype USA. It is mainly used for managing, storing, and distributing software, among other things. An information disclosure vulnerability exists in Nexus Repository version 3.26.1. An attacker with administrative user privileges could...

4.9CVSS6.3AI score0.00992EPSS
Exploits0References1
OSV
OSV
added 2020/08/25 7:15 p.m.3 views

CVE-2020-24622

In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user...

4.9CVSS5.8AI score0.00992EPSS
Exploits0References2
NVD
NVD
added 2020/08/25 7:15 p.m.16 views

CVE-2020-24622

In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user...

4.9CVSS5.2AI score0.00992EPSS
Exploits0References2
Prion
Prion
added 2020/08/25 7:15 p.m.9 views

Code injection

In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user...

4CVSS5.2AI score0.00992EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/08/25 6:17 p.m.16 views

CVE-2020-24622

In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user...

5.2AI score0.00992EPSS
Exploits0References2
CVE
CVE
added 2020/08/25 6:17 p.m.55 views

CVE-2020-24622

CVE-2020-24622 affects Sonatype Nexus Repository 3.26.1. An admin user can disclose S3 secret keys due to an information-disclosure vulnerability. The NVD entry lists CVSSv3.1 base score 4.9 (Medium) with network attack and low complexity; confidentiality impact is high while other impacts are no...

4.9CVSS5.2AI score0.00992EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2020/08/14 12:0 a.m.3 views

Sonatype Nexus Repository Manager Unauthorized Access Vulnerability

Sonatype Nexus Repository Manager NXRM is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A security vulnerability exists in Sonatype NXRM OSS/Pro versions prior to 3.26.0. An attacker could exploit the vulnerability to access...

7.5CVSS6.6AI score0.01143EPSS
Exploits0References1
OSV
OSV
added 2020/08/12 10:15 p.m.20 views

CVE-2020-15868

Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control...

7.5CVSS6.9AI score
Exploits0References1
Rows per page
Query Builder