Vulnerabilities > Sonatype > Nexus Repository Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-30 CVE-2022-27907 Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.
network
low complexity
sonatype CWE-918
4.0
2022-03-17 CVE-2021-43961 Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
network
sonatype CWE-79
4.3
2021-11-04 CVE-2021-43293 Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).
network
low complexity
sonatype CWE-918
4.0
2021-11-02 CVE-2021-42568 Information Exposure vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.
network
low complexity
sonatype CWE-200
4.0
2021-06-18 CVE-2021-34553 Path Traversal vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.
network
low complexity
sonatype CWE-22
4.0
2021-04-28 CVE-2021-29159 Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager
A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1.
network
sonatype CWE-79
4.3
2021-04-27 CVE-2021-30635 Path Traversal vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed).
network
low complexity
sonatype CWE-22
5.0
2020-12-17 CVE-2020-29436 XXE vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability.
network
low complexity
sonatype CWE-611
5.5
2020-08-12 CVE-2020-15868 Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control.
network
low complexity
sonatype CWE-863
5.0
2020-04-27 CVE-2020-11415 Cleartext Storage of Sensitive Information vulnerability in Sonatype Nexus Repository Manager
An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1.
network
low complexity
sonatype CWE-312
4.0