CVE-2020-29436

MEDIUM

Sonatype Nexus Repository Manager <3.29.0 - Info Disclosure

Title source: llm

Description

Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://support.sonatype.com/hc/en-us/articles/1500000415082-CVE-2020-29436-Nexus-Repository-Manager-3-XML-External-Entities-injection-2020-12-15

Scores

CVSS v3 6.5

EPSS 0.0144

EPSS Percentile 69.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-611

Status published

Products (1)

sonatype/nexus_repository_manager 3.0.0 - 3.29.0

Published Dec 17, 2020

Tracked Since Feb 18, 2026