Vulnerabilities > Sonatype > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-25 | CVE-2020-24622 | Insufficiently Protected Credentials vulnerability in Sonatype Nexus In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. | 4.0 |
| 2020-08-12 | CVE-2020-15868 | Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control. | 5.0 |
| 2020-07-31 | CVE-2020-15871 | Incorrect Permission Assignment for Critical Resource vulnerability in Sonatype Nexus Repository Manager 3 Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution. | 6.8 |
| 2020-07-31 | CVE-2020-15870 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager 3 Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2). | 4.3 |
| 2020-07-31 | CVE-2020-15869 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager 3 Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2). | 4.3 |
| 2020-04-27 | CVE-2020-11415 | Cleartext Storage of Sensitive Information vulnerability in Sonatype Nexus Repository Manager An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. | 4.0 |
| 2020-04-02 | CVE-2020-11444 | Incorrect Default Permissions vulnerability in Sonatype Nexus Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control. | 6.5 |
| 2019-10-16 | CVE-2019-15893 | Unspecified vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution. | 6.5 |
| 2019-07-08 | CVE-2019-9630 | Incorrect Default Permissions vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images. | 5.0 |
| 2019-05-07 | CVE-2019-11629 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS. | 4.3 |