Sonatype: >> Nexus Repository Manager 3 Security Vulnerabilities
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.
CVSS Score
8.2
EPSS Score
0.006
Published
2021-09-07
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.
CVSS Score
4.9
EPSS Score
0.002
Published
2021-04-23
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2).
CVSS Score
5.4
EPSS Score
0.003
Published
2020-07-31
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2).
CVSS Score
6.1
EPSS Score
0.003
Published
2020-07-31
Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution.
CVSS Score
8.8
EPSS Score
0.01
Published
2020-07-31
An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default (making this not exploitable).
CVSS Score
8.8
EPSS Score
0.013
Published
2020-04-20