Vulnerabilities
Vulnerable Software
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2022-03-30

Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
CVSS Score: 4.3 | EPSS Score: 0.005 | Published: 2022-03-17

Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2021-11-04

Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2021-11-02

Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications.
CVSS Score: 5.4 | EPSS Score: 0.069 | Published: 2021-08-10

Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2021-06-18

