cvebase

Sonatype Nexus vulnerabilities

8 known vulnerabilities affecting sonatype/nexus.

Total CVEs: 8
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: HIGH 6, MEDIUM 2

Vulnerabilities

CVE-2020-10199 | P1 | HIGH | CVSS 8.8 | KEV | PoC | fixed in 3.21.2 | 2020-04-01
CWE-917: Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
Source: nvd

CVE-2020-10204 | P3 | HIGH | CVSS 7.2 | fixed in 3.21.2 | 2020-04-01
CWE-20: Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
Source: nvd

CVE-2020-11444 | P3 | HIGH | CVSS 8.8 | ≥ 3.0.0, ≤ 3.21.2 | 2020-04-02
CWE-276: Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.
Source: nvd

CVE-2014-0792 | P3 | HIGH | CVSS 7.5 | v1.0, v2.0, +19 more | 2014-01-17
CWE-94: Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.
Source: nvd

CVE-2014-9389 | P3 | HIGH | CVSS 7.5 | ≤ 2.11.0 | 2015-01-05
CWE-22: Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors.
Source: nvd

CVE-2014-2034 | P3 | HIGH | CVSS 7.5 | v2.4.0, v2.5.0, +8 more | 2014-04-01
Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path."
Source: nvd

CVE-2020-24622 | P4 | MEDIUM | CVSS 4.9 | ≥ 3.0.0, < 3.27.0 | 2020-08-25
CWE-522: In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user.
Source: nvd

CVE-2020-10203 | P4 | MEDIUM | CVSS 4.8 | fixed in 3.21.2 | 2020-04-01
CWE-79: Sonatype Nexus Repository before 3.21.2 allows XSS.
Source: nvd