sonatype
Latest CVEs
The 15 most recently published vulnerabilities affecting sonatype.
- CVE-2024-5082Nexus Repository 2 - Remote Code Execution7.6
- CVE-2024-5083Nexus Repository 2 - Stored XSS5.4
- CVE-2024-5764Nexus Repository 3 - Static hard-coded encryption passphrase used by default6.5
- CVE-2024-4956Nexus Repository 3 - Path Traversal7.5
- CVE-2024-1142Sonatype IQ Server - Path Traversal5.4
- CVE-2022-27907Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.4.3
- CVE-2021-43961Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.4.3
- CVE-2021-43293Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).4.3
- CVE-2021-42568Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.4.3
- CVE-2021-40143Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request externa...8.2
- CVE-2021-37152Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository...5.4
- CVE-2021-34553Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been gr...4.3
- CVE-2021-29159A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when...6.1
- CVE-2021-30635Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific d...5.3
- CVE-2021-29158Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.4.9