Vulnerabilites related to sonatype - nexus
cve-2014-9389
Vulnerability from cvelistv5
Published
2015-01-05 20:00
Modified
2024-08-06 13:40
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.sonatype.org/advisories/archive/2014-12-23-Nexus/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/61134 | third-party-advisory, x_refsource_SECUNIA | |
| https://support.sonatype.com/entries/84705937-CVE-2014-9389-Nexus-Security-Advisory-Directory-Traversal | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sonatype.org/advisories/archive/2014-12-23-Nexus/"
},
{
"name": "61134",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61134"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.sonatype.com/entries/84705937-CVE-2014-9389-Nexus-Security-Advisory-Directory-Traversal"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-05T19:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sonatype.org/advisories/archive/2014-12-23-Nexus/"
},
{
"name": "61134",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61134"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.sonatype.com/entries/84705937-CVE-2014-9389-Nexus-Security-Advisory-Directory-Traversal"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sonatype.org/advisories/archive/2014-12-23-Nexus/",
"refsource": "CONFIRM",
"url": "http://www.sonatype.org/advisories/archive/2014-12-23-Nexus/"
},
{
"name": "61134",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61134"
},
{
"name": "https://support.sonatype.com/entries/84705937-CVE-2014-9389-Nexus-Security-Advisory-Directory-Traversal",
"refsource": "CONFIRM",
"url": "https://support.sonatype.com/entries/84705937-CVE-2014-9389-Nexus-Security-Advisory-Directory-Traversal"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9389",
"datePublished": "2015-01-05T20:00:00",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10199
Vulnerability from cvelistv5
Published
2020-04-01 18:27
Modified
2025-02-04 20:04
Severity ?
EPSS score ?
Summary
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.sonatype.com/hc/en-us/articles/360044882533 | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/160835/Sonatype-Nexus-3.21.1-Remote-Code-Execution.html | x_refsource_MISC | |
| https://cwe.mitre.org/data/definitions/917.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:39.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360044882533"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/160835/Sonatype-Nexus-3.21.1-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/917.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-10199",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:56:26.746306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-10199"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-917",
"description": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:04:49.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:15:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360044882533"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/160835/Sonatype-Nexus-3.21.1-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/917.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.sonatype.com/hc/en-us/articles/360044882533",
"refsource": "CONFIRM",
"url": "https://support.sonatype.com/hc/en-us/articles/360044882533"
},
{
"name": "http://packetstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/160835/Sonatype-Nexus-3.21.1-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/160835/Sonatype-Nexus-3.21.1-Remote-Code-Execution.html"
},
{
"name": "https://cwe.mitre.org/data/definitions/917.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/917.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10199",
"datePublished": "2020-04-01T18:27:23.000Z",
"dateReserved": "2020-03-06T00:00:00.000Z",
"dateUpdated": "2025-02-04T20:04:49.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0792
Vulnerability from cvelistv5
Published
2014-01-17 16:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.sonatype.org/advisories/archive/2014-01-13-Nexus | x_refsource_CONFIRM | |
| https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability | x_refsource_CONFIRM | |
| https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sonatype.org/advisories/archive/2014-01-13-Nexus"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-17T15:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sonatype.org/advisories/archive/2014-01-13-Nexus"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sonatype.org/advisories/archive/2014-01-13-Nexus",
"refsource": "CONFIRM",
"url": "http://www.sonatype.org/advisories/archive/2014-01-13-Nexus"
},
{
"name": "https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability",
"refsource": "CONFIRM",
"url": "https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability"
},
{
"name": "https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist",
"refsource": "CONFIRM",
"url": "https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-0792",
"datePublished": "2014-01-17T16:00:00",
"dateReserved": "2014-01-03T00:00:00",
"dateUpdated": "2024-08-06T09:27:19.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-7238
Vulnerability from cvelistv5
Published
2019-03-21 16:45
Modified
2025-02-04 20:28
Severity ?
EPSS score ?
Summary
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:45.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-7238",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:26:02.871265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-12-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-7238"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:28:37.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-21T16:45:23.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019",
"refsource": "MISC",
"url": "https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7238",
"datePublished": "2019-03-21T16:45:23.000Z",
"dateReserved": "2019-01-30T00:00:00.000Z",
"dateUpdated": "2025-02-04T20:28:37.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-24622
Vulnerability from cvelistv5
Published
2020-08-25 18:17
Modified
2024-08-04 15:19
Severity ?
EPSS score ?
Summary
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://issues.sonatype.org/browse/NEXUS-25019 | x_refsource_MISC | |
| https://support.sonatype.com/hc/en-us/articles/360053516793 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:08.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.sonatype.org/browse/NEXUS-25019"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360053516793"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-16T17:55:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.sonatype.org/browse/NEXUS-25019"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360053516793"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.sonatype.org/browse/NEXUS-25019",
"refsource": "MISC",
"url": "https://issues.sonatype.org/browse/NEXUS-25019"
},
{
"name": "https://support.sonatype.com/hc/en-us/articles/360053516793",
"refsource": "CONFIRM",
"url": "https://support.sonatype.com/hc/en-us/articles/360053516793"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24622",
"datePublished": "2020-08-25T18:17:49",
"dateReserved": "2020-08-25T00:00:00",
"dateUpdated": "2024-08-04T15:19:08.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10203
Vulnerability from cvelistv5
Published
2020-04-01 18:04
Modified
2024-08-04 10:58
Severity ?
EPSS score ?
Summary
Sonatype Nexus Repository before 3.21.2 allows XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.sonatype.com/hc/en-us/articles/360044361594 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:39.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360044361594"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sonatype Nexus Repository before 3.21.2 allows XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T18:04:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360044361594"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sonatype Nexus Repository before 3.21.2 allows XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.sonatype.com/hc/en-us/articles/360044361594",
"refsource": "CONFIRM",
"url": "https://support.sonatype.com/hc/en-us/articles/360044361594"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10203",
"datePublished": "2020-04-01T18:04:39",
"dateReserved": "2020-03-06T00:00:00",
"dateUpdated": "2024-08-04T10:58:39.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-11444
Vulnerability from cvelistv5
Published
2020-04-02 17:22
Modified
2024-08-04 11:28
Severity ?
EPSS score ?
Summary
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.sonatype.com | x_refsource_MISC | |
| https://support.sonatype.com/hc/en-us/articles/360046133553 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.sonatype.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360046133553"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T17:22:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.sonatype.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360046133553"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.sonatype.com",
"refsource": "MISC",
"url": "https://support.sonatype.com"
},
{
"name": "https://support.sonatype.com/hc/en-us/articles/360046133553",
"refsource": "CONFIRM",
"url": "https://support.sonatype.com/hc/en-us/articles/360046133553"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11444",
"datePublished": "2020-04-02T17:22:04",
"dateReserved": "2020-04-01T00:00:00",
"dateUpdated": "2024-08-04T11:28:13.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5764
Vulnerability from cvelistv5
Published
2024-10-23 14:47
Modified
2024-10-23 15:55
Severity ?
EPSS score ?
Summary
Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tokens, tokens, among others). The affected versions relied on a static hard-coded encryption passphrase. While it was possible for an administrator to define an alternate encryption passphrase, it could only be done at first boot and not updated.
This issue affects Nexus Repository: from 3.0.0 through 3.72.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.sonatype.com/hc/en-us/articles/34496708991507 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sonatype | Nexus Repository |
Version: 3.0.0 ≤ 3.72.0 cpe:2.3:a:sonatype:nexus_repository_manager:3.0.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.0.2:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.0.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.3.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.5.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.5.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.5.2:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.6.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.6.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.6.2:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.7.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.7.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.8.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.9.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.10.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.11.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.12.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.12.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.13.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.14.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.15.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.15.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.15.2:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.16.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.16.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.16.2:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.17.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.18.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.18.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.19.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.19.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.20.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.20.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.21.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.21.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.21.2:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.22.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.22.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.23.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.24.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.25.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.25.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.26.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.26.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.27.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.28.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.28.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.29.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.29.2:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.30.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.30.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.31.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.31.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.32.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.33.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.33.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.34.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.34.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.35.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.36.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.37.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.37.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.32.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.37.2:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.37.3:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.38.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.38.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.39.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.40.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.40.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.41.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.41.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.42.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.43.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.44.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.45.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.45.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.46.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.47.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.47.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.48.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.49.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.50.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.51.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.52.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.53.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.53.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.54.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.54.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.55.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.56.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.57.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.57.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.58.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.58.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.59.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.60.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.61.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.62.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.63.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.64.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.65.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.66.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.67.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.67.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.68.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.68.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.69.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.70.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.70.1:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.70.2:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.70.3:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.71.0:*:*:*:*:*:*:* cpe:2.3:a:sonatype:nexus_repository_manager:3.72.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T15:54:50.774189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T15:55:05.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:sonatype:nexus_repository_manager:3.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.12.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.12.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.13.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.14.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.15.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.15.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.15.2:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.16.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.16.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.16.2:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.17.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.18.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.18.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.19.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.19.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.20.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.20.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.21.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.21.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.21.2:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.22.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.22.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.23.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.24.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.25.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.25.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.26.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.26.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.27.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.28.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.28.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.29.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.29.2:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.30.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.30.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.31.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.31.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.32.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.33.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.33.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.34.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.34.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.35.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.36.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.37.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.37.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.32.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.37.2:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.37.3:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.38.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.38.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.39.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.40.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.40.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.41.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.41.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.42.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.43.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.44.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.45.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.45.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.46.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.47.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.47.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.48.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.49.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.50.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.51.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.52.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.53.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.53.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.54.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.54.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.55.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.56.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.57.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.57.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.58.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.58.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.59.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.60.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.61.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.62.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.63.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.64.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.65.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.66.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.67.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.67.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.68.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.68.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.69.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.70.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.70.1:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.70.2:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.70.3:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.71.0:*:*:*:*:*:*:*",
"cpe:2.3:a:sonatype:nexus_repository_manager:3.72.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Nexus Repository",
"vendor": "Sonatype",
"versions": [
{
"lessThanOrEqual": "3.72.0",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dylan Evans at/of Maveris, LLC"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUse of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tokens, tokens, among others). The affected versions relied on a static hard-coded encryption passphrase. While it was possible for an administrator to define an alternate encryption passphrase, it could only be done at first boot and not updated.\u003c/p\u003e\u003cp\u003eThis issue affects Nexus Repository: from 3.0.0 through 3.72.0.\u003c/p\u003e"
}
],
"value": "Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tokens, tokens, among others). The affected versions relied on a static hard-coded encryption passphrase. While it was possible for an administrator to define an alternate encryption passphrase, it could only be done at first boot and not updated.\n\nThis issue affects Nexus Repository: from 3.0.0 through 3.72.0."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:47:55.783Z",
"orgId": "103e4ec9-0a87-450b-af77-479448ddef11",
"shortName": "Sonatype"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.sonatype.com/hc/en-us/articles/34496708991507"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Nexus Repository 3 - Static hard-coded encryption passphrase used by default",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "103e4ec9-0a87-450b-af77-479448ddef11",
"assignerShortName": "Sonatype",
"cveId": "CVE-2024-5764",
"datePublished": "2024-10-23T14:47:55.783Z",
"dateReserved": "2024-06-07T20:20:30.499Z",
"dateUpdated": "2024-10-23T15:55:05.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10204
Vulnerability from cvelistv5
Published
2020-04-01 18:21
Modified
2024-08-04 10:58
Severity ?
EPSS score ?
Summary
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.sonatype.com/hc/en-us/articles/360044356194 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:39.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360044356194"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-17T18:08:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360044356194"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.sonatype.com/hc/en-us/articles/360044356194",
"refsource": "CONFIRM",
"url": "https://support.sonatype.com/hc/en-us/articles/360044356194"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10204",
"datePublished": "2020-04-01T18:21:12",
"dateReserved": "2020-03-06T00:00:00",
"dateUpdated": "2024-08-04T10:58:39.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2034
Vulnerability from cvelistv5
Published
2014-04-01 00:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.sonatype.org/advisories/archive/2014-03-03-Nexus | x_refsource_CONFIRM | |
| http://www.osvdb.org/104049 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/57142 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/65956 | vdb-entry, x_refsource_BID | |
| https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sonatype.org/advisories/archive/2014-03-03-Nexus"
},
{
"name": "104049",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/104049"
},
{
"name": "57142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57142"
},
{
"name": "65956",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65956"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to \"an unauthenticated execution path.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-31T23:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sonatype.org/advisories/archive/2014-03-03-Nexus"
},
{
"name": "104049",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/104049"
},
{
"name": "57142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57142"
},
{
"name": "65956",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65956"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to \"an unauthenticated execution path.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sonatype.org/advisories/archive/2014-03-03-Nexus",
"refsource": "CONFIRM",
"url": "http://www.sonatype.org/advisories/archive/2014-03-03-Nexus"
},
{
"name": "104049",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/104049"
},
{
"name": "57142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57142"
},
{
"name": "65956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65956"
},
{
"name": "https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API",
"refsource": "CONFIRM",
"url": "https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2034",
"datePublished": "2014-04-01T00:00:00",
"dateReserved": "2014-02-19T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-04-01 19:15
Modified
2024-11-21 04:54
Severity ?
Summary
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://support.sonatype.com/hc/en-us/articles/360044356194 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.sonatype.com/hc/en-us/articles/360044356194 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonatype:nexus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B98DA8A-C0CE-4902-9DD1-3FBEC00215FC",
"versionEndExcluding": "3.21.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution."
},
{
"lang": "es",
"value": "Sonatype Nexus Repository versiones anteriores a 3.21.2, permite una ejecuci\u00f3n de c\u00f3digo remota."
}
],
"id": "CVE-2020-10204",
"lastModified": "2024-11-21T04:54:57.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-01T19:15:14.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360044356194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360044356194"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-17 20:55
Modified
2024-11-21 02:02
Severity ?
Summary
Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonatype | nexus | 1.0 | |
| sonatype | nexus | 2.0 | |
| sonatype | nexus | 2.0.1 | |
| sonatype | nexus | 2.0.2 | |
| sonatype | nexus | 2.0.3 | |
| sonatype | nexus | 2.0.4 | |
| sonatype | nexus | 2.0.4 | |
| sonatype | nexus | 2.0.5 | |
| sonatype | nexus | 2.0.6 | |
| sonatype | nexus | 2.1 | |
| sonatype | nexus | 2.1.1 | |
| sonatype | nexus | 2.2 | |
| sonatype | nexus | 2.3.1 | |
| sonatype | nexus | 2.4.0 | |
| sonatype | nexus | 2.5.0 | |
| sonatype | nexus | 2.5.1 | |
| sonatype | nexus | 2.6.0 | |
| sonatype | nexus | 2.6.1 | |
| sonatype | nexus | 2.6.2 | |
| sonatype | nexus | 2.6.3 | |
| sonatype | nexus | 2.6.4 | |
| sonatype | nexus | 2.7.0 | |
| sonatype | nexus | 2.7.0 | |
| sonatype | nexus | 2.7.0 | |
| sonatype | nexus | 2.7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonatype:nexus:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D91A8DD-C3B2-4258-9A83-F85FD9CA5AEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC255313-6743-4318-9400-533551A97904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0DFA8904-FD47-4CF0-9D8A-6E4E8D5147D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15C5954F-7899-499F-ACA1-C34365CEDEC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7DB5988E-B354-4F8D-91AC-39161995269B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "468BCA4D-FBFF-4ECF-B925-6C4BECE509E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.0.4:1:*:*:*:*:*:*",
"matchCriteriaId": "9204166D-4460-408D-B1D8-DEC0DA19DA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3B79A2-55D4-44C2-982B-08C23AD64710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F5A1C46A-7C6B-430F-945D-968ABBCE1348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8947E3F8-89CC-4919-8116-605D98FA8B80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FF73EAB-D7D9-4C9F-9BBF-459FA70D6C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE7B4CF-0FA2-42A4-86A2-D2A101358994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A83DA027-AE5D-4A19-BACE-FACD9859D4AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D92A3FC0-2D84-48CC-BC1D-3EDE7B08F097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D007ADA9-CAA6-47E8-B135-E95E9FEC6D5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55F954B1-D301-401A-B6D4-12F10DE9CF36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C21354A4-A877-4B84-B3BB-EE8EBC581DDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD592E54-D5D4-4CA3-A90A-5966049E501F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97DFC1CB-9855-4025-B956-5471DF55151A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC6D39F4-2E88-4309-9A89-252950486EB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFC19B9-F63C-4982-A0AC-29A2558B9F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0AC1A75-E88B-4EC5-88A5-01257C65BBF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:04:*:*:*:*:*:*",
"matchCriteriaId": "9DC31CAA-CC78-419B-B59F-4E7B756E8B5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:05:*:*:*:*:*:*",
"matchCriteriaId": "4494C42B-3ABE-4743-83F4-FF8DDCEB7A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:06:*:*:*:*:*:*",
"matchCriteriaId": "7975DE00-DFFD-4DF0-B971-FF5CE97C72B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types."
},
{
"lang": "es",
"value": "Sonatype Nexus 1.x y 2.x anteriores a 2.7.1 permite a atacantes remotos crear objetos de forma arbitraria y ejecutar c\u00f3digo a trav\u00e9s de vectores no especificados relacionados con la resoluci\u00f3n de referencias de tipo de Objeto a los que no se deber\u00eda"
}
],
"id": "CVE-2014-0792",
"lastModified": "2024-11-21T02:02:48.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-17T20:55:04.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.sonatype.org/advisories/archive/2014-01-13-Nexus"
},
{
"source": "cve@mitre.org",
"url": "https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.sonatype.org/advisories/archive/2014-01-13-Nexus"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-25 19:15
Modified
2024-11-21 05:15
Severity ?
Summary
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonatype:nexus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE42F8C4-826C-4288-8FE1-80456560179B",
"versionEndExcluding": "3.27.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user."
},
{
"lang": "es",
"value": "En Sonatype Nexus Repository versi\u00f3n 3.26.1, un usuario administrador puede exponer una clave secreta de S3"
}
],
"id": "CVE-2020-24622",
"lastModified": "2024-11-21T05:15:13.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-25T19:15:12.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.sonatype.org/browse/NEXUS-25019"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360053516793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.sonatype.org/browse/NEXUS-25019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360053516793"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-01 19:15
Modified
2024-11-21 04:54
Severity ?
Summary
Sonatype Nexus Repository before 3.21.2 allows XSS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://support.sonatype.com/hc/en-us/articles/360044361594 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.sonatype.com/hc/en-us/articles/360044361594 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonatype:nexus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B98DA8A-C0CE-4902-9DD1-3FBEC00215FC",
"versionEndExcluding": "3.21.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sonatype Nexus Repository before 3.21.2 allows XSS."
},
{
"lang": "es",
"value": "Sonatype Nexus Repository versiones anteriores a 3.21.2, permite un ataque de tipo XSS."
}
],
"id": "CVE-2020-10203",
"lastModified": "2024-11-21T04:54:57.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-01T19:15:14.457",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360044361594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360044361594"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-01 03:25
Modified
2024-11-21 02:05
Severity ?
Summary
Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonatype | nexus | 2.4.0 | |
| sonatype | nexus | 2.4.0 | |
| sonatype | nexus | 2.5.0 | |
| sonatype | nexus | 2.5.0 | |
| sonatype | nexus | 2.6.0 | |
| sonatype | nexus | 2.6.0 | |
| sonatype | nexus | 2.6.1 | |
| sonatype | nexus | 2.6.1 | |
| sonatype | nexus | 2.6.2 | |
| sonatype | nexus | 2.6.2 | |
| sonatype | nexus | 2.6.3 | |
| sonatype | nexus | 2.6.3 | |
| sonatype | nexus | 2.6.4 | |
| sonatype | nexus | 2.6.4 | |
| sonatype | nexus | 2.6.5 | |
| sonatype | nexus | 2.7.0 | |
| sonatype | nexus | 2.7.0 | |
| sonatype | nexus | 2.7.1 | |
| sonatype | nexus | 2.7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.4.0:*:*:*:open_source:*:*:*",
"matchCriteriaId": "43AB890E-0BFD-4446-99BF-2BD9CC55C173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.4.0:*:*:*:professional:*:*:*",
"matchCriteriaId": "DD3FD4FC-12AD-4286-843D-D2F3BCC9A441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.5.0:*:*:*:open_source:*:*:*",
"matchCriteriaId": "8E084D92-BB5B-4872-AF70-7F8681C93B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.5.0:*:*:*:professional:*:*:*",
"matchCriteriaId": "EF20924E-743B-4376-A35A-9ACB6E8B4080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.6.0:*:*:*:open_source:*:*:*",
"matchCriteriaId": "BBD83307-04AE-47E3-949B-E951ECAB9EA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.6.0:*:*:*:professional:*:*:*",
"matchCriteriaId": "FC3862B9-18B3-4C94-B34A-40F08E151334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.6.1:*:*:*:open_source:*:*:*",
"matchCriteriaId": "CF46E050-3F9D-4F9F-AF74-6C924DB6804E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.6.1:*:*:*:professional:*:*:*",
"matchCriteriaId": "949F08F2-66EE-4DDC-9483-2EE7DB2952D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.6.2:*:*:*:open_source:*:*:*",
"matchCriteriaId": "A47D7B7F-A919-4BC2-ACD3-CF2D035CC36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.6.2:*:*:*:professional:*:*:*",
"matchCriteriaId": "4D0C69E3-EBB3-4214-A901-1E29771B373C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.6.3:*:*:*:open_source:*:*:*",
"matchCriteriaId": "53753B80-50F0-45A9-ACA9-3F5D86C93DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.6.3:*:*:*:professional:*:*:*",
"matchCriteriaId": "A232DDC9-14A3-4A88-BFCA-4053AB7A3B98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.6.4:*:*:*:open_source:*:*:*",
"matchCriteriaId": "5ADB7A5C-F8AC-429A-8186-534D93D6424D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.6.4:*:*:*:professional:*:*:*",
"matchCriteriaId": "5F5E0C4C-D34C-42EF-9EB4-2826E8BCC248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.6.5:*:*:*:professional:*:*:*",
"matchCriteriaId": "6D94878B-E92C-4DD1-8C57-40472C0BD62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:*:*:*:open_source:*:*:*",
"matchCriteriaId": "2008F19D-A078-4339-BAF4-B131415A41AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:*:*:*:professional:*:*:*",
"matchCriteriaId": "EB3A0F5B-A158-42C9-B14B-84EB92535F78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.7.1:*:*:*:open_source:*:*:*",
"matchCriteriaId": "393A5265-673A-4000-846F-F02AE11A65AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:2.7.1:*:*:*:professional:*:*:*",
"matchCriteriaId": "C231775B-12AE-40C6-A8DB-E3118DF37117",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to \"an unauthenticated execution path.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Sonatype Nexus OSS y Pro 2.4.0 hasta 2.7.1 permite a atacantes crear cuentas de usuarios arbitrarios a trav\u00e9s de vectores desconocidos relacionados con una ruta de ejecuci\u00f3n no autenticada."
}
],
"id": "CVE-2014-2034",
"lastModified": "2024-11-21T02:05:30.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-01T03:25:11.347",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57142"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/104049"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/65956"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sonatype.org/advisories/archive/2014-03-03-Nexus"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/104049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/65956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sonatype.org/advisories/archive/2014-03-03-Nexus"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-02 18:15
Modified
2024-11-21 04:57
Severity ?
Summary
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://support.sonatype.com | Vendor Advisory | |
| cve@mitre.org | https://support.sonatype.com/hc/en-us/articles/360046133553 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.sonatype.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.sonatype.com/hc/en-us/articles/360046133553 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonatype:nexus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDDD6570-2CB3-4EBB-AAE4-22822875038A",
"versionEndIncluding": "3.21.2",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control."
},
{
"lang": "es",
"value": "Sonatype Nexus Repository Manager versiones 3.x hasta 3.21.2 incluy\u00e9ndola, presenta un Control de Acceso Incorrecto."
}
],
"id": "CVE-2020-11444",
"lastModified": "2024-11-21T04:57:55.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-02T18:15:18.820",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.sonatype.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360046133553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.sonatype.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360046133553"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-01 19:15
Modified
2025-02-04 20:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
References
{
"cisaActionDue": "2022-05-03",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Sonatype Nexus Repository Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonatype:nexus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B98DA8A-C0CE-4902-9DD1-3FBEC00215FC",
"versionEndExcluding": "3.21.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2)."
},
{
"lang": "es",
"value": "Sonatype Nexus Repository versiones anteriores a 3.21.2, permite una inyecci\u00f3n JavaEL (problema 1 de 2)."
}
],
"id": "CVE-2020-10199",
"lastModified": "2025-02-04T20:15:34.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2020-04-01T19:15:14.393",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/160835/Sonatype-Nexus-3.21.1-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/917.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360044882533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/160835/Sonatype-Nexus-3.21.1-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/917.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360044882533"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-917"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-917"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-21 17:29
Modified
2025-02-04 21:15
Severity ?
Summary
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
References
{
"cisaActionDue": "2022-06-10",
"cisaExploitAdd": "2021-12-10",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonatype:nexus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04D8C400-CE34-44E6-9DE4-7748D263FA39",
"versionEndExcluding": "3.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control."
},
{
"lang": "es",
"value": "Sonatype Nexus Repository Manager, en versiones anteriores a la 3.15.0, tiene un control de acceso incorrecto."
}
],
"id": "CVE-2019-7238",
"lastModified": "2025-02-04T21:15:19.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2019-03-21T17:29:01.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-23 15:15
Modified
2024-11-06 16:41
Severity ?
Summary
Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tokens, tokens, among others). The affected versions relied on a static hard-coded encryption passphrase. While it was possible for an administrator to define an alternate encryption passphrase, it could only be done at first boot and not updated.
This issue affects Nexus Repository: from 3.0.0 through 3.72.0.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonatype:nexus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76F5FE4A-2136-462C-9236-71524B84563E",
"versionEndExcluding": "3.73.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tokens, tokens, among others). The affected versions relied on a static hard-coded encryption passphrase. While it was possible for an administrator to define an alternate encryption passphrase, it could only be done at first boot and not updated.\n\nThis issue affects Nexus Repository: from 3.0.0 through 3.72.0."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad de uso de credenciales codificadas de forma r\u00edgida en Sonatype Nexus Repository en el c\u00f3digo responsable de cifrar los secretos almacenados en la base de datos de configuraci\u00f3n del Repositorio Nexus (credenciales de proxy SMTP o HTTP, tokens de usuario, tokens, entre otros). Las versiones afectadas se basaban en una frase de contrase\u00f1a de cifrado est\u00e1tica y codificada de forma r\u00edgida. Si bien era posible que un administrador definiera una frase de contrase\u00f1a de cifrado alternativa, solo se pod\u00eda hacer en el primer arranque y no se actualizaba. Este problema afecta al Repositorio Nexus: desde la versi\u00f3n 3.0.0 hasta la 3.72.0."
}
],
"id": "CVE-2024-5764",
"lastModified": "2024-11-06T16:41:00.277",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE"
},
"source": "103e4ec9-0a87-450b-af77-479448ddef11",
"type": "Secondary"
}
]
},
"published": "2024-10-23T15:15:32.340",
"references": [
{
"source": "103e4ec9-0a87-450b-af77-479448ddef11",
"tags": [
"Vendor Advisory"
],
"url": "https://support.sonatype.com/hc/en-us/articles/34496708991507"
}
],
"sourceIdentifier": "103e4ec9-0a87-450b-af77-479448ddef11",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "103e4ec9-0a87-450b-af77-479448ddef11",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-05 20:59
Modified
2024-11-21 02:20
Severity ?
Summary
Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonatype:nexus:*:*:*:*:oss:*:*:*",
"matchCriteriaId": "532E2278-8CC0-4BA9-A6BE-DCC2ED47807C",
"versionEndIncluding": "2.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonatype:nexus:*:*:*:*:pro:*:*:*",
"matchCriteriaId": "10133E4A-BF30-4288-BF5B-2DF99AC09789",
"versionEndIncluding": "2.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en Sonatype Nexus OSS y Pro anterior a 2.11.1-01 permite a atacantes remotos leer o escribir en ficheros arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-9389",
"lastModified": "2024-11-21T02:20:45.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-05T20:59:09.480",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/61134"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.sonatype.org/advisories/archive/2014-12-23-Nexus/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.sonatype.com/entries/84705937-CVE-2014-9389-Nexus-Security-Advisory-Directory-Traversal"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.sonatype.org/advisories/archive/2014-12-23-Nexus/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.sonatype.com/entries/84705937-CVE-2014-9389-Nexus-Security-Advisory-Directory-Traversal"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}