Vulnerabilities > Sonatype

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-5764 Use of Hard-coded Credentials vulnerability in Sonatype Nexus
Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tokens, tokens, among others).
network
low complexity
sonatype CWE-798
6.5
2022-03-30 CVE-2022-27907 Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.
network
low complexity
sonatype CWE-918
4.3
2022-03-17 CVE-2021-43961 Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
network
low complexity
sonatype CWE-79
4.3
2021-11-04 CVE-2021-43293 Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).
network
low complexity
sonatype CWE-918
4.3
2021-11-02 CVE-2021-42568 Unspecified vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.
network
low complexity
sonatype
4.3
2021-09-07 CVE-2021-40143 Injection vulnerability in Sonatype Nexus Repository Manager 3
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection.
network
low complexity
sonatype CWE-74
8.2
2021-08-10 CVE-2021-37152 Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager
Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0.
network
low complexity
sonatype CWE-79
5.4
2021-06-18 CVE-2021-34553 Path Traversal vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.
network
low complexity
sonatype CWE-22
4.3
2021-04-28 CVE-2021-29159 Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager
A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1.
network
low complexity
sonatype CWE-79
6.1
2021-04-27 CVE-2021-30635 Path Traversal vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed).
network
low complexity
sonatype CWE-22
5.3