Skip to main content

Forum Ideas Office Hours Innovate

Courses Videos

Knowledge Base Documentation

SSC Maturity Survey STEPP Assessment Hosted Workshops

Sign In Submit a request Sign In

Forum Ideas Office Hours Innovate

Courses Videos

Knowledge Base Documentation

SSC Maturity Survey STEPP Assessment Hosted Workshops

Sonatype Peter Sandbox
Announcements
Security Advisories

Security Advisories

Important advisories of known security vulnerabilities in Sonatype products.

CVE-2024-4956 Nexus Repository 3 - Path Traversal - 2024-05-16
Test Article in Security Advisories
CVE-2020-24622 Nexus Repository 3 - Sensitive Information Disclosure - 2020-09-15
CVE-2020-13933 Nexus Repository 2 & 3 - Shiro Authentication Bypass - 2020-10-15
CVE-2020-29436 Nexus Repository 3 and IQ Server - XML External Entities injection - 2020-12-15
CVE-2021-29159 Nexus Repository Manager 3 - Cross Site Scripting XSS
CVE-2021-29158 Nexus Repository Manager 3 - Sensitive Information Disclosure - 2021-04-22
CVE-2021-30635 Nexus Repository Manager 3 - Directory Traversal - 2021-04-22
CVE-2021-34553 Nexus Repository 3 - Directory Traversal - 2021-06-17
CVE-2021-37152 Nexus Repository 3 - Multiple Cross Site Scripting XSS - 2021-08-05
CVE-2021-40143 Nexus Repository 3 - HTTP Header Injection - 2021-09-01
CVE-2021-43293 Nexus Repository 3 - Server Side Request Forgery (SSRF) - 2021-10-27
CVE-2021-42568 Nexus Repository 3 - Incorrect Access Control - 2021-10-27
CVE-2021-43961 Nexus Repository 3 - HTML Injection - 2022-03-02
CVE-2022-27907 Nexus Repository 3 - Server Side Request Forgery (SSRF) - 2022-03-30
CVE-2024-1142 Sonatype IQ Server Path Traversal- 2024-03-06
Mitigations for CVE-2024-4956 Nexus Repository 3 Vulnerability
CVE-2024-5082 Nexus Repository 2 - Remote Code Execution
CVE-2024-5083 Nexus Repository 2 - Stored XSS Vulnerability
CVE-2024-5764 - Nexus Repository Manager 3 - Static hard-coded encryption passphrase used by default - 2024-10-17
CVE-2020-15868 Nexus Repository 3 - Access Controls Bypass - 2020-08-11
CVE-2020-15871 Nexus Repository 3 - Remote Code Execution - 2020-07-29
CVE-2020-15870 Nexus Repository 3 - Reflection XSS - 2020-07-29
CVE-2020-15869 Nexus Repository Manager 3 - Reflection XSS - 2020-07-29
CVE-2020-15012 Nexus Repository 2 - Directory Traversal - 2020-10-08
CVE-2020-11753 Nexus Repository 3 - Improper Access Controls - 2020-04-16
CVE-2020-11444 Nexus Repository Manager 3 - Improper Access Controls - 2020-04-02
CVE-2020-11415 Nexus Repository 2 & 3 - Sensitive Information Disclosure - 2020-04-16
CVE-2020-10203 Nexus Repository 3 - Cross Site Scripting XSS - 2020-03-31
CVE-2020-10204 Nexus Repository 3 - Remote Code Execution - 2020-03-31

Next
Last

Terms of Service Privacy Policy Cookie Preferences
Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.