Vulnerabilities > Sonatype

DATE CVE VULNERABILITY TITLE RISK
2022-03-30 CVE-2022-27907 Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.
network
low complexity
sonatype CWE-918
4.0
2022-03-17 CVE-2021-43961 Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
network
sonatype CWE-79
4.3
2021-11-04 CVE-2021-43293 Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).
network
low complexity
sonatype CWE-918
4.0
2021-11-02 CVE-2021-42568 Information Exposure vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.
network
low complexity
sonatype CWE-200
4.0
2021-09-07 CVE-2021-40143 Injection vulnerability in Sonatype Nexus Repository Manager 3
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection.
network
low complexity
sonatype CWE-74
6.4
2021-08-10 CVE-2021-37152 Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager
Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0.
network
sonatype CWE-79
3.5
2021-06-18 CVE-2021-34553 Path Traversal vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.
network
low complexity
sonatype CWE-22
4.0
2021-04-28 CVE-2021-29159 Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager
A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1.
network
sonatype CWE-79
4.3
2021-04-27 CVE-2021-30635 Path Traversal vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed).
network
low complexity
sonatype CWE-22
5.0
2021-04-23 CVE-2021-29158 Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager 3 3.25.1
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.
network
low complexity
sonatype CWE-863
4.0