PT-2020-12823 · Sonatype · Sonatype Nexus Repository Manager
Published: 2020-04-20 · Updated: 2022-10-05 · CVE-2020-11753
CVSS v3.1: 8.8 (High)
CVSS v3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sonatype Nexus Repository Manager version 3.21.1
Description
An issue was discovered in Sonatype Nexus Repository Manager. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API.
Recommendations
For Sonatype Nexus Repository Manager version 3.21.1, update to a version where scripting is disabled by default or apply appropriate configuration changes to restrict scripting capabilities.
For Sonatype Nexus Repository Manager version 3.22.0, no action is required as scripting is disabled by default, making the issue not exploitable.
Weakness Enumeration
Incorrect Authorization
Related Identifiers
CVE-2020-11753
Affected Products
Nexus Repository Manager
Sonatype Nexus Repository Manager