Vulnerabilities > Sonatype

DATE CVE VULNERABILITY TITLE RISK
2021-06-18 CVE-2021-34553 Path Traversal vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.
network
low complexity
sonatype CWE-22
4.0
2021-04-28 CVE-2021-29159 Cross-Site Scripting vulnerability in Sonatype Nexus Repository Manager
A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1.
network
sonatype CWE-79
4.3
2021-04-27 CVE-2021-30635 Path Traversal vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed).
network
low complexity
sonatype CWE-22
5.0
2021-04-23 CVE-2021-29158 Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager 3 3.25.1
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.
network
low complexity
sonatype CWE-863
4.0
2020-12-17 CVE-2020-29436 XXE vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability.
network
low complexity
sonatype CWE-611
5.5
2020-10-12 CVE-2020-15012 Path Traversal vulnerability in Sonatype Nexus Repository Manager
A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19.
network
low complexity
sonatype CWE-22
7.8
2020-08-25 CVE-2020-24622 Information Exposure vulnerability in Sonatype Nexus 3.26.1
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user.
network
low complexity
sonatype CWE-200
4.0
2020-08-12 CVE-2020-15868 Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control.
network
low complexity
sonatype CWE-863
5.0
2020-07-31 CVE-2020-15871 Incorrect Permission Assignment for Critical Resource vulnerability in Sonatype Nexus Repository Manager 3
Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution.
network
sonatype CWE-732
6.8
2020-07-31 CVE-2020-15870 Cross-Site Scripting vulnerability in Sonatype Nexus Repository Manager 3
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2).
network
sonatype CWE-79
4.3