Nexus Repository
Arbitrary OS command execution in Sonatype Nexus Repository 3 versions prior to 3.92.0 allows authenticated users holding the nx-licensing-create privilege to run commands as the Nexus process user by uploading a malicious license file. The flaw is rooted in unsafe deserialization (CWE-502) during license processing. No public exploit identified at time of analysis.
Stored cross-site scripting (XSS) in Sonatype Nexus Repository 3.6.0 through 3.91.x allows authenticated users with upload permissions to inject malicious JavaScript into repository content, which executes in the browsers of any user viewing the affected repository directory via the HTML index page. An attacker can perform unauthorized actions within a victim's session context, including potential data theft or privilege escalation depending on the victim's role. The vulnerability requires user interaction (clicking/viewing the malicious content) and prior repository upload access, limiting but not eliminating real-world risk in multi-tenant or open-source repository environments.
An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server.
CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitation requires the non-default nexus.orient.binaryListenerEnabled=true configuration to be enabled.
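The four advisories above differ in both affected version range and preconditions (a privilege, upload rights, admin interaction, or a non-default property). The following triage helper is an added example, not Sonatype's code: it takes a Nexus Repository 3 version string and the text of nexus.properties and returns which of the four issues apply. The version boundaries come from the advisory text above; the property key nexus.orient.binaryListenerEnabled is the one the last advisory names; the sample properties content is constructed for the demonstration.

```python
"""Triage which of the four Nexus Repository 3 advisories above apply to a host.

Added example, not Sonatype code. Boundaries are taken from the advisory text:
  license-file RCE (CWE-502): 3.x prior to 3.92.0
  stored XSS (HTML index):    3.6.0 through 3.91.x
  LDAP connection test:       3.0.0 through 3.91.1
  hard-coded creds (CWE-798): 3.0.0 through 3.70.5, only with
                              nexus.orient.binaryListenerEnabled=true (non-default)
"""
import re

# (short name, lowest affected version inclusive, first fixed version exclusive,
#  whether the OrientDB binary listener property must be true)
ADVISORIES = [
    ("license-rce",     (3, 0, 0), (3, 92, 0), False),
    ("stored-xss",      (3, 6, 0), (3, 92, 0), False),
    ("ldap-connect",    (3, 0, 0), (3, 91, 2), False),  # "through 3.91.1"
    ("hardcoded-creds", (3, 0, 0), (3, 70, 6), True),   # "through 3.70.5"
]

LISTENER_KEY = "nexus.orient.binaryListenerEnabled"


def parse_version(version):
    """Turn '3.70.5' or '3.70.5-01' (Nexus build suffix) into a comparable tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised Nexus version string: %r" % version)
    return tuple(int(x) for x in m.groups())


def parse_properties(text):
    """Minimal Java .properties reader: skips blanks/comments, splits key from
    value on the first '=' or ':' (or whitespace), as the Nexus config uses."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*(?:[=:]|\s)\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def triage(version, properties_text=""):
    """Return the short names of advisories that apply to this version/config.

    Only the hard-coded-credentials issue has a config precondition; the other
    three need a privilege or user interaction that this helper cannot see, so
    they are reported purely on version and must be reviewed for the
    nx-licensing-create grant, upload permissions, and admin LDAP workflows.
    """
    v = parse_version(version)
    props = parse_properties(properties_text)
    listener_on = props.get(LISTENER_KEY, "false").strip().lower() == "true"
    findings = []
    for name, low, high, needs_listener in ADVISORIES:
        if not (low <= v < high):
            continue
        if needs_listener and not listener_on:
            continue
        findings.append(name)
    return findings


if __name__ == "__main__":
    # Constructed sample: an old build with the non-default listener switched on.
    sample_props = (
        "# constructed nexus.properties for the example\n"
        "application-port=8081\n"
        "nexus.orient.binaryListenerEnabled=true\n"
    )
    print("3.70.5-01 + listener:", triage("3.70.5-01", sample_props))
    print("3.91.1 default      :", triage("3.91.1"))
    print("3.92.0 + listener   :", triage("3.92.0", sample_props))
```

Run it against the version reported by the instance and the deployed nexus.properties; an empty result for 3.92.0 confirms the upgrade target, and the listener check shows why the CWE-798 issue is gated on configuration rather than version alone.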