Описание
An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default (making this not exploitable).
Ссылки
- Third Party Advisory
- PatchVendor Advisory
- Third Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sonatype:nexus_repository_manager_3:3.21.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager_3:3.22.0:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01245
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default (making this not exploitable).
EPSS
Процентиль: 79%
0.01245
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-863