CVE-2020-11444

HIGH

Sonatype Nexus Repository Manager 3.0.0-3.21.2 - Incorrect Access Control

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-11444. PoCs published by zhzyker, CN016.

AI-analyzed exploit summary: This repository contains a Python script that exploits CVE-2020-11444, an unauthorized-access vulnerability in Nexus Repository Manager 3.x, allowing an attacker to change the admin password without proper authentication.

Description

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.

Exploits (2)

nomisec · Working PoC · 10 stars
by zhzyker · poc
https://github.com/zhzyker/CVE-2020-11444

This repository contains a Python script that exploits CVE-2020-11444, an unauthorized-access vulnerability in Nexus Repository Manager 3.x, allowing an attacker to change the admin password without proper authentication.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Nexus Repository Manager 3.x OSS / Pro <= 3.21.1
Authentication: No auth needed
Prerequisites: Target URL · Valid session ID · Desired new password
Analyzed by devstral-2 · Feb 16, 2026
nomisec · Working PoC
by CN016 · poc
https://github.com/CN016/Nexus-Repository-Manager-3-CVE-2020-11444-

This PoC exploits CVE-2020-11444, an authentication bypass vulnerability in Nexus Repository Manager 3, allowing an attacker to change the admin password without proper authorization. The script sends a PUT request to the vulnerable endpoint with a new password, leveraging a valid session ID.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Nexus Repository Manager 3
Authentication: Auth required
Prerequisites: Valid session ID · Network access to the target
Analyzed by devstral-2 · Feb 16, 2026

References (2)

Core References
Vendor Advisory x_refsource_misc
https://support.sonatype.com
Patch, Vendor Advisory x_refsource_confirm
https://support.sonatype.com/hc/en-us/articles/360046133553

Scores

CVSS v3 8.8
EPSS 0.0851
EPSS Percentile 94.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-276
Status published
Products (1)
sonatype/nexus 3.0.0 - 3.21.2
Published Apr 02, 2020
Tracked Since Feb 18, 2026