Vulnerabilities > Sonatype
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-17 | CVE-2020-29436 | XXE vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. | 5.5 |
| 2020-10-12 | CVE-2020-15012 | Path Traversal vulnerability in Sonatype Nexus Repository Manager A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. | 7.8 |
| 2020-08-25 | CVE-2020-24622 | Insufficiently Protected Credentials vulnerability in Sonatype Nexus In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. | 4.0 |
| 2020-08-12 | CVE-2020-15868 | Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control. | 5.0 |
| 2020-07-31 | CVE-2020-15871 | Incorrect Permission Assignment for Critical Resource vulnerability in Sonatype Nexus Repository Manager 3 Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution. | 6.8 |
| 2020-07-31 | CVE-2020-15870 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager 3 Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2). | 4.3 |
| 2020-07-31 | CVE-2020-15869 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager 3 Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2). | 4.3 |
| 2020-04-27 | CVE-2020-11415 | Cleartext Storage of Sensitive Information vulnerability in Sonatype Nexus Repository Manager An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. | 4.0 |
| 2020-04-20 | CVE-2020-11753 | Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager 3 3.21.1/3.22.0 An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. | 8.8 |
| 2020-04-02 | CVE-2020-11444 | Incorrect Default Permissions vulnerability in Sonatype Nexus Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control. | 6.5 |