CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. • https://issues.sonatype.org/browse/NEXUS-25019 https://support.sonatype.com/hc/en-us/articles/360053516793 • CWE-522: Insufficiently Protected Credentials

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control. • https://github.com/zhzyker/CVE-2020-11444 https://github.com/CN016/Nexus-Repository-Manager-3-CVE-2020-11444- https://support.sonatype.com https://support.sonatype.com/hc/en-us/articles/360046133553 • CWE-276: Incorrect Default Permissions

CVSS: 9.0 • EPSS: 97% • CPEs: 1 • EXPL: 7

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). Sonatype Nexus version 3.21.1 suffers from an authenticated remote code execution vulnerability. Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution. • https://www.exploit-db.com/exploits/49385 https://www.exploit-db.com/exploits/48343 https://github.com/jas502n/CVE-2020-10199 https://github.com/aleenzz/CVE-2020-10199 https://github.com/wsfengfan/CVE-2020-10199-10204 https://github.com/hugosg97/CVE-2020-10199-Nexus-3.21.01 http://packetstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.html http://packetstormsecurity.com/files/160835/Sonatype-Nexus-3.21.1-Remote-Code-Execution.html https:/ • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVSS: 9.0 • EPSS: 2% • CPEs: 1 • EXPL: 1

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. • https://github.com/zhzyker/CVE-2020-10204 https://support.sonatype.com/hc/en-us/articles/360044356194 • CWE-20: Improper Input Validation

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Sonatype Nexus Repository before 3.21.2 allows XSS. • https://support.sonatype.com/hc/en-us/articles/360044361594 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')