Skip to main content

Nexus

8 CVEs product

Monthly

CVE-2020-24622 MEDIUM This Month

In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nexus
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2020-11444 HIGH PATCH This Week

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Nexus
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2020-10204 Maven HIGH PATCH This Week

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Nexus
NVD
CVSS 3.1
7.2
EPSS
24.3%
CVE-2020-10203 Maven MEDIUM PATCH This Month

Sonatype Nexus Repository before 3.21.2 allows XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nexus
NVD
CVSS 3.1
4.8
EPSS
0.9%
CVE-2020-10199 Maven HIGH POC KEV PATCH THREAT Act Now

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Nexus
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
99.1%
CVE-2014-9389 HIGH PATCH This Week

Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nexus
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-2034 HIGH This Week

Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nexus
NVD VulDB
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-0792 HIGH PATCH This Week

Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Nexus
NVD
CVSS 2.0
7.5
EPSS
3.1%
EPSS 1% CVSS 4.9
MEDIUM This Month

In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nexus
NVD
EPSS 9% CVSS 8.8
HIGH PATCH This Week

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Nexus
NVD
EPSS 24% CVSS 7.2
HIGH PATCH This Week

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Nexus
NVD
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

Sonatype Nexus Repository before 3.21.2 allows XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nexus
NVD
EPSS 99% CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Nexus
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nexus
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nexus
NVD VulDB
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Nexus
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy