An issue exists in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default (making this not exploitable).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sonatype nexus repository manager 3 3.22.0 |
||
sonatype nexus repository manager 3 3.21.1 |