412 matches found
CVE-2020-11415
An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password as configured in nxrm in cleartext...
Default credentials
An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password as configured in nxrm in cleartext...
Sonatype Nexus Repository Manager Elevation of Privilege Vulnerability
Sonatype Nexus Repository Manager (NXRM) is a Maven repository manager from Sonatype USA. A security vulnerability exists in Sonatype NXRM. An attacker can exploit this vulnerability to bypass security restrictions and elevate privileges...
CVE-2020-11753
An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default making this not...
PT-2020-12823 · Sonatype · Sonatype Nexus Repository Manager +1
Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository Manager versions 3.21.1 Description: An issue was discovered in Sonatype Nexus Repository Manager. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of t...
Nexus Repository Manager - Java EL Injection RCE (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nexus Repository Manager Java EL Injection RCE', 'Description' = %q This module exploits a Java Expression Language EL injection in Nexus...
Nexus Repository Manager 3.21.1-01 Remote Code Execution Exploit
This Metasploit module exploits a Java Expression Language (EL) injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. Tested against 3.21.1-01. This module requires Metasploit: https://metasploit.com/download Current source:...
Nexus Repository Manager 3.21.1-01 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nexus Repository Manager Java EL Injection RCE', 'Description' = %q This module exploits a Java Expression Language EL injection in Nexus...
Persistent Cross-Site scripting in Nexus Repository Manager
Sonatype Nexus Repository before 3.21.2 allows XSS...
GHSA-3944-787C-F852 Persistent Cross-Site scripting in Nexus Repository Manager
Sonatype Nexus Repository before 3.21.2 allows XSS...
Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution...
GHSA-8H56-V53H-5HHJ Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution...
Nexus Repository Manager 3 - Remote Code Execution
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2)...
GHSA-G2F6-V5QH-H2MQ Nexus Repository Manager 3 - Remote Code Execution
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2)...
Nexus Repository Manager Incorrect Access Control Vulnerability
Nexus Repository Manager is a repository manager from Sonatype that lets you proxy, collect, and manage your dependencies so you don't have to deal with a series of JARs on a regular basis, making it easy to distribute your software. An incorrect access control vulnerability exists in Nexus...
CVE-2020-11444
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control...
Improper access control
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control...