Vulnerabilities > Sonatype > Nexus Repository Manager

DATE CVE VULNERABILITY TITLE RISK
2022-03-30 CVE-2022-27907 Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.
network
low complexity
sonatype CWE-918
4.3
2022-03-17 CVE-2021-43961 Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
network
low complexity
sonatype CWE-79
4.3
2021-11-04 CVE-2021-43293 Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).
network
low complexity
sonatype CWE-918
4.3
2021-11-02 CVE-2021-42568 Unspecified vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.
network
low complexity
sonatype
4.3
2021-08-10 CVE-2021-37152 Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager
Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0.
network
low complexity
sonatype CWE-79
5.4
2021-06-18 CVE-2021-34553 Path Traversal vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.
network
low complexity
sonatype CWE-22
4.3
2021-04-28 CVE-2021-29159 Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager
A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1.
network
low complexity
sonatype CWE-79
6.1
2021-04-27 CVE-2021-30635 Path Traversal vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed).
network
low complexity
sonatype CWE-22
5.3
2020-12-17 CVE-2020-29436 XXE vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability.
network
low complexity
sonatype CWE-611
6.5
2020-10-12 CVE-2020-15012 Path Traversal vulnerability in Sonatype Nexus Repository Manager
A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19.
network
low complexity
sonatype CWE-22
8.6