3.22.0

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sonatype

CWE-863

NVD

Published: 2020-04-20

Updated: 2022-10-05

Summary

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default (making this not exploitable).

Vulnerable Configurations

Part	Description	Count
Application	Sonatype Sonatype Nexus Repository Manager 3 3.22.0 Sonatype Nexus Repository Manager 3 3.21.1	2

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://support.sonatype.com/hc/en-us/articles/360046233714
https://cwe.mitre.org/data/definitions/284.html