Server Side Request Forgery in Sonatype Nexus Repository Manager 3.x
CVE-2021-43293

4.3MEDIUM

Key Information:

Vendor: Sonatype
Status: Nexus Repository Manager
Vendor: CVE Published:; 4 November 2021

What is CVE-2021-43293?

Sonatype Nexus Repository Manager versions below 3.36.0 are vulnerable to a Server Side Request Forgery (SSRF) attack. This vulnerability allows a remote authenticated attacker to potentially perform network enumeration, exploiting the server's ability to make requests to internal and external resources. As a result, the attacker may gain sensitive information about the network topology and services running on the server, increasing the risk of further exploitation.

References

https://support.sonatype.com/hc/en-us/articles/4409326330003

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2021
Vulnerability Reserved
Nov 2, 2021