Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-29158 | 1 Sonatype | 1 Nexus Repository Manager 3 | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control. | |||||
CVE-2021-40143 | 1 Sonatype | 1 Nexus Repository Manager 3 | 2023-12-10 | 6.4 MEDIUM | 8.2 HIGH |
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance. | |||||
CVE-2020-15871 | 1 Sonatype | 1 Nexus Repository Manager 3 | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution. | |||||
CVE-2020-11753 | 1 Sonatype | 1 Nexus Repository Manager 3 | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default (making this not exploitable). | |||||
CVE-2020-15869 | 1 Sonatype | 1 Nexus Repository Manager 3 | 2023-12-10 | 4.3 MEDIUM | 5.4 MEDIUM |
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2). | |||||
CVE-2020-15870 | 1 Sonatype | 1 Nexus Repository Manager 3 | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2). |