Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sonatype nexus vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-4956
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated malicious user to read system files. Fixed in version 3.68.1.
12 Github repositories
4
CVSSv2
CVE-2022-27907
Sonatype Nexus Repository Manager 3.x prior to 3.38.0 allows SSRF.
Sonatype Nexus Repository Manager
4.3
CVSSv2
CVE-2021-43961
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
Sonatype Nexus Repository Manager
4
CVSSv2
CVE-2021-43293
Sonatype Nexus Repository Manager 3.x prior to 3.36.0 allows a remote authenticated malicious user to potentially perform network enumeration via Server Side Request Forgery (SSRF).
Sonatype Nexus Repository Manager
4
CVSSv2
CVE-2021-42568
Sonatype Nexus Repository Manager 3.x up to and including 3.35.0 allows malicious users to access the SSL Certificates Loading function via a low-privileged account.
Sonatype Nexus Repository Manager
6.4
CVSSv2
CVE-2021-40143
Sonatype Nexus Repository 3.x up to and including 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.
Sonatype Nexus Repository Manager 3
3.5
CVSSv2
CVE-2021-37152
Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 prior to 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications.
Sonatype Nexus Repository Manager
4
CVSSv2
CVE-2021-34553
Sonatype Nexus Repository Manager 3.x prior to 3.31.0 allows a remote authenticated malicious user to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.
Sonatype Nexus Repository Manager
5
CVSSv2
CVE-2021-30635
Sonatype Nexus Repository Manager 3.x prior to 3.30.1 allows a remote malicious user to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed).
4
CVSSv2
CVE-2021-29158
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »