Sonatype: >> Nexus Repository Manager >> 3.14.0 Security Vulnerabilities
In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-22
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
CVSS Score
9.8
EPSS Score
0.004
Published
2019-07-08
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images.
CVSS Score
7.5
EPSS Score
0.011
Published
2019-07-08
Page 2