HTTP Header Injection Vulnerability in Sonatype Nexus Repository
CVE-2021-40143

8.2 HIGH

Key Information:

Vendor

Sonatype

CVE Published:
7 September 2021

What is CVE-2021-40143?

Sonatype Nexus Repository versions 3.x up to 3.33.1-01 are exposed to an HTTP header injection vulnerability. This issue arises when an attacker sends a specially crafted HTTP request to the server. Successfully exploiting this vulnerability may allow the attacker to disclose sensitive information or make unauthorized requests for external resources, compromising the integrity of the server and the confidentiality of the data stored within.

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
