CVE-2020-11753
HIGHSonatype Nexus Repository Manager 3.21.1 and 3.22.0 - Incorrect Authorization
Title source: llmDescription
An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default (making this not exploitable).
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://cwe.mitre.org/data/definitions/284.html
Patch, Vendor Advisory x_refsource_confirm
https://support.sonatype.com/hc/en-us/articles/360046233714
Scores
CVSS v3
8.8
EPSS
0.0171
EPSS Percentile
74.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-863
Status
published
Products (2)
sonatype/nexus_repository_manager_3
3.21.1
sonatype/nexus_repository_manager_3
3.22.0
Published
Apr 20, 2020
Tracked Since
Feb 18, 2026