412 matches found
CVE-2020-15868
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control...
Improper access control
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control...
Sonatype Nexus Repository Manager Remote Code Execution Vulnerability (CNVD-2021-32036)
Nexus Repository Manager is a repository manager from Sonatype that lets you proxy, collect, and manage your dependencies so you don't have to deal with a series of JARs as often, allowing you to distribute your software with ease. OSS is the open-source, free version, and Pro is the professional,...
CVE-2020-15871
Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution...
CVE-2020-15870
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS Issue 2 of 2...
CVE-2020-15869
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS issue 1 of 2...
Cross site scripting
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS issue 1 of 2...
CVE-2020-15871
CVE-2020-15871 affects Sonatype Nexus Repository Manager OSS/Pro prior to 3.25.1, enabling remote code execution. The issue is described across multiple sources as a RCE vulnerability in Nexus Repository Manager OSS/Pro versions before 3.25.1. Remediation: upgrade to version 3.25.1 or later. Publ...
CVE-2020-15870
CVE-2020-15870 affects Sonatype Nexus Repository Manager OSS/Pro prior to 3.25.1, described as a cross-site scripting (XSS) issue. The public records in the connected documents consistently report this vulnerability as an XSS flaw without detailing the exact vulnerable component, version ranges b...
Central Security Project: Unsafe deserialization in Nexus Repository helm plugin
A remote code execution vulnerability CVE-2020-15871 has been discovered in Nexus Repository Manager 3. A user with the right permissions can run arbitrary code as the user running the Nexus Repository Manager server. Alternatively, an attacker could trick a user with the right permissions into...
Exploit for Expression Language Injection in Sonatype Nexus
Nexus Repository Manager 3 Vuln Affected versions: = 3.21.2 CVE-2020-10199, CVE-2020-10204, CVE-2020-11444 CVE-2020-10199 remote code/command execution PoC with echoed output PoC without echoed output $\A''.getClass.forName'java.lang.Runtime'.getMethods6.invokenull.exec'touch /tmp/cve-2020-10199' regular user privileges /service/rest/beta/repositories/go/group requires administrator privileges 1...
Sonatype Nexus Repository Manager Remote Code Execution (CVE-2020-10199)
A remote code execution vulnerability exists in Sonatype Nexus Repository Manager. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Sonatype Nexus Repository Manager Information Disclosure Vulnerability (CNVD-2020-33469)
Sonatype Nexus Repository Manager NXRM is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A security vulnerability exists in Sonatype NXRM version 2.x prior to 2.14.17 and version 3.x prior to 3.22.1. An attacker can exploit the...
CVE-2020-11415
An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password as configured in nxrm in cleartext...