412 matches found
CVE-2020-11444
CVE-2020-11444 affects Sonatype Nexus Repository Manager 3.x up to 3.21.2, with an Incorrect Access Control flaw that enables unauthorized actions on the server. Red Hat and CNVD entries confirm the issue exists in Nexus 3.x; public exploit references show a workaround: an unauthenticated or mini...
CVE-2020-11444
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control...
Sonatype Nexus Repository Manager Command Execution Vulnerability
Sonatype Nexus Repository Manager (NXRM) is a Maven repository manager from Sonatype USA. A command execution vulnerability exists in Sonatype Nexus Repository Manager. An attacker can exploit this vulnerability to execute code...
Sonatype Nexus Repository Manager Command Execution Vulnerability (CNVD-2020-28477)
Sonatype Nexus Repository Manager (NXRM) is a Maven repository manager from Sonatype USA. A command execution vulnerability exists in Sonatype Nexus Repository Manager. An attacker can exploit this vulnerability to execute arbitrary code with the help of a malicious request...
CVE-2020-10203
Sonatype Nexus Repository before 3.21.2 allows XSS...
CVE-2020-10199
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...
CVE-2020-10204
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution...
Cross-site scripting
Sonatype Nexus Repository before 3.21.2 allows XSS...
CRLF injection
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...
CVE-2020-10199
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...
CVE-2020-10199
CVE-2020-10199 is a remote code execution vulnerability in Sonatype Nexus Repository Manager (NXRM) caused by Java EL injection. Affected versions are NXRM prior to 3.21.2 (references note that it is exploitable in 3.21.1 and earlier). The underlying issue is a Java EL injection in Ne...
CVE-2020-10204
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution...
CVE-2020-10203
The provided connected documents confirm CVE-2020-10203 affects Sonatype Nexus Repository prior to version 3.21.2, describing a cross-site scripting (XSS) vulnerability. The materials do not specify the root cause, affected subcomponents, technical details, exploit status, or a remediation/workar...
CVE-2020-10203
Sonatype Nexus Repository before 3.21.2 allows XSS...
CVE-2020-10199
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2. Recent assessments: wvu-r7 at April 04, 2020 5:05am UTC reported: WIP exploit module: https://github.com/rapid7/metasploit-framework/pull/13195. Assessed Attacker Value: 0...
PT-2020-6522 · Sonatype · Sonatype Nexus Repository +1
Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository versions prior to 3.21.2. Description: The issue is related to incorrect code generation management in the Sonatype Nexus Repository Manager, which can be exploited by a remote attacker to execute arbitrary code by...
CVE-2020-10204
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. Recent assessments: ericalexanderorg at April 03, 2020 1:18pm UTC reported: Wording on this and alludes to an authenticated RCE, but they consider an anonymous user authenticated. Nexus servers store artifacts that could be...
Sonatype Nexus Repository Manager 3 Remote Code Execution (CVE-2019-7238)
A remote code execution vulnerability exists in Sonatype Nexus Repository Manager 3. This vulnerability is due to insufficient validation of the parameter in the previewAssets function. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the...