Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0.
References
Configurations
History
21 Nov 2024, 05:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.sonatype.com/hc/en-us/articles/1500000415082-CVE-2020-29436-Nexus-Repository-Manager-3-XML-External-Entities-injection-2020-12-15 - Vendor Advisory |
Information
Published : 2020-12-17 02:15
Updated : 2024-11-21 05:23
NVD link : CVE-2020-29436
Mitre link : CVE-2020-29436
CVE.ORG link : CVE-2020-29436
JSON object : View
Products Affected
sonatype
- nexus_repository_manager
CWE
CWE-611
Improper Restriction of XML External Entity Reference