412 matches found

OSV
added 2020/04/27 3:15 p.m. · 19 views

CVE-2020-11415

An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password as configured in nxrm in cleartext...

4.9 CVSS · 6.8 AI score
Exploits 0 · References 1

Prion
added 2020/04/27 3:15 p.m. · 12 views

Default credentials

An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password as configured in nxrm in cleartext...

4 CVSS · 5.2 AI score · 0.00648 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2020/04/27 2:35 p.m. · 14 views

CVE-2020-11415

An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password as configured in nxrm in cleartext...

5.2 AI score · 0.00648 EPSS
Exploits 0 · References 1

CNVD
added 2020/04/21 12:0 a.m. · 2 views

Sonatype Nexus Repository Manager Elevation of Privilege Vulnerability

Sonatype Nexus Repository Manager (NXRM) is a Maven repository manager from Sonatype USA. A security vulnerability exists in Sonatype NXRM. An attacker can exploit this vulnerability to bypass security restrictions and elevate privileges...

8.8 CVSS · 6.9 AI score · 0.01715 EPSS
Exploits 0 · References 1

NVD
added 2020/04/20 7:15 p.m. · 12 views

CVE-2020-11753

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default making this not...

8.8 CVSS · 8.5 AI score · 0.01715 EPSS
Exploits 0 · References 2

OSV
added 2020/04/20 7:15 p.m. · 1 view

CVE-2020-11753

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default making this not...

8.8 CVSS · 7.3 AI score · 0.01715 EPSS
Exploits 0 · References 2

Cvelist
added 2020/04/20 6:49 p.m. · 14 views

CVE-2020-11753

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default making this not...

8.6 AI score · 0.01715 EPSS
Exploits 0 · References 2

Positive Technologies
added 2020/04/20 12:0 a.m. · 3 views

PT-2020-12823 · Sonatype · Sonatype Nexus Repository Manager +1

Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository Manager versions 3.21.1 Description: An issue was discovered in Sonatype Nexus Repository Manager. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of t...

8.8 CVSS · 8.5 AI score · 0.01715 EPSS
Exploits 0 · References 5

Exploit DB
added 2020/04/17 12:0 a.m. · 502 views

Nexus Repository Manager - Java EL Injection RCE (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nexus Repository Manager Java EL Injection RCE', 'Description' = %q This module exploits a Java Expression Language EL injection in Nexus...

9 CVSS · 8.7 AI score · 0.99064 EPSS
Exploits 10

0day.today
added 2020/04/16 12:0 a.m. · 206 views

Nexus Repository Manager 3.21.1-01 Remote Code Execution Exploit

This Metasploit module exploits a Java Expression Language (EL) injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. Tested against 3.21.1-01. This module requires Metasploit: https://metasploit.com/download Current source:...

9 CVSS · 9 AI score · 0.99064 EPSS
Exploits 10

Packet Storm
added 2020/04/16 12:0 a.m. · 258 views

Nexus Repository Manager 3.21.1-01 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nexus Repository Manager Java EL Injection RCE', 'Description' = %q This module exploits a Java Expression Language EL injection in Nexus...

9 CVSS · 8.7 AI score · 0.99064 EPSS
Exploits 10

Github Security Blog
added 2020/04/14 3:27 p.m. · 64 views

Persistent Cross-Site scripting in Nexus Repository Manager

Sonatype Nexus Repository before 3.21.2 allows XSS...

4.8 CVSS · 2.4 AI score · 0.00918 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2020/04/14 3:27 p.m. · 14 views

GHSA-3944-787C-F852 Persistent Cross-Site scripting in Nexus Repository Manager

Sonatype Nexus Repository before 3.21.2 allows XSS...

4.8 CVSS · 5 AI score · 0.00918 EPSS
Exploits 0 · References 3

Github Security Blog
added 2020/04/14 3:27 p.m. · 99 views

Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution...

9 CVSS · 4.2 AI score · 0.24318 EPSS
Exploits 3 · References 6 · Affected Software 1

OSV
added 2020/04/14 3:27 p.m. · 64 views

GHSA-8H56-V53H-5HHJ Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution...

8.8 CVSS · 7.2 AI score · 0.24318 EPSS
Exploits 3 · References 5

Github Security Blog
added 2020/04/14 3:27 p.m. · 340 views

Nexus Repository Manager 3 - Remote Code Execution

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2)...

9 CVSS · 2.8 AI score · 0.99064 EPSS
Exploits 10 · References 8 · Affected Software 1

OSV
added 2020/04/14 3:27 p.m. · 51 views

GHSA-G2F6-V5QH-H2MQ Nexus Repository Manager 3 - Remote Code Execution

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2)...

8.8 CVSS · 8.7 AI score · 0.99064 EPSS
Exploits 10 · References 8

CNVD
added 2020/04/03 12:0 a.m. · 3 views

Nexus Repository Manager Incorrect Access Control Vulnerability

Nexus Repository Manager is a repository manager from Sonatype that lets you proxy, collect, and manage your dependencies so you don't have to deal with a series of JARs on a regular basis, making it easy to distribute your software. An incorrect access control vulnerability exists in Nexus...

8.8 CVSS · 6.8 AI score · 0.08508 EPSS
Exploits 2 · References 1

NVD
added 2020/04/02 6:15 p.m. · 10 views

CVE-2020-11444

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control...

8.8 CVSS · 8.7 AI score · 0.08508 EPSS
Exploits 2 · References 2

Prion
added 2020/04/02 6:15 p.m. · 14 views

Improper access control

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control...

6.5 CVSS · 8.7 AI score · 0.08508 EPSS
Exploits 2 · References 2 · Affected Software 1