Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Nexus_repository_manager_3
(Sonatype)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 6 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-04-20 | CVE-2020-11753 | An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default (making this not exploitable). | Nexus_repository_manager_3 | 8.8 | ||
| 2021-09-07 | CVE-2021-40143 | Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance. | Nexus_repository_manager_3 | 8.2 | ||
| 2020-07-31 | CVE-2020-15871 | Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution. | Nexus_repository_manager_3 | 8.8 | ||
| 2021-04-23 | CVE-2021-29158 | Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control. | Nexus_repository_manager_3 | 4.9 | ||
| 2020-07-31 | CVE-2020-15870 | Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2). | Nexus_repository_manager_3 | N/A | ||
| 2020-07-31 | CVE-2020-15869 | Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2). | Nexus_repository_manager_3 | N/A |