CVE-2020-24622
https://notcve.org/view.php?id=CVE-2020-24622
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. • https://issues.sonatype.org/browse/NEXUS-25019 https://support.sonatype.com/hc/en-us/articles/360053516793 • CWE-522: Insufficiently Protected Credentials
CVE-2020-11444
https://notcve.org/view.php?id=CVE-2020-11444
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control. • https://github.com/zhzyker/CVE-2020-11444 https://github.com/CN016/Nexus-Repository-Manager-3-CVE-2020-11444- https://support.sonatype.com https://support.sonatype.com/hc/en-us/articles/360046133553 • CWE-276: Incorrect Default Permissions
CVE-2020-10199 – Sonatype Nexus Repository Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-10199
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). Sonatype Nexus version 3.21.1 suffers from an authenticated remote code execution vulnerability. Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution. • https://www.exploit-db.com/exploits/49385 https://www.exploit-db.com/exploits/48343 https://github.com/jas502n/CVE-2020-10199 https://github.com/aleenzz/CVE-2020-10199 https://github.com/wsfengfan/CVE-2020-10199-10204 https://github.com/hugosg97/CVE-2020-10199-Nexus-3.21.01 http://packetstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.html http://packetstormsecurity.com/files/160835/Sonatype-Nexus-3.21.1-Remote-Code-Execution.html https:/ • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2020-10204
https://notcve.org/view.php?id=CVE-2020-10204
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. • https://github.com/zhzyker/CVE-2020-10204 https://support.sonatype.com/hc/en-us/articles/360044356194 • CWE-20: Improper Input Validation
CVE-2020-10203
https://notcve.org/view.php?id=CVE-2020-10203
Sonatype Nexus Repository before 3.21.2 allows XSS. • https://support.sonatype.com/hc/en-us/articles/360044361594 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')