Description
Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials.
Published: 2026-06-17
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Sonatype Nexus Repository Manager contains an authorization flaw in the proxy repository configuration that permits a delegated repository administrator to read the stored upstream proxy credentials. The vulnerability, classified as CWE‑863, can lead to accidental exposure of authentication data that could be reused to compromise upstream repositories or their services.

Affected Systems

All Sonatype Nexus Repository Manager releases earlier than version 3.93.0 are affected, encompassing the majority of installations from the 3.x series such as 3.18.x through 3.92.x. Any deployment that has not applied the update to 3.93.0 or later remains vulnerable.

Risk and Exploitability

The CVSS score of 5.9 indicates a moderate impact, and the EPSS score of less than 1 % suggests a low likelihood of exploitation. The vulnerability is not listed in CISA KEV. Exploitation requires authenticated access with delegated repository‑administrator rights; an insider or compromised account could leverage this to retrieve upstream credentials without triggering obvious alerts, potentially enabling lateral movement or compromise of external services.

Generated by OpenCVE AI on June 18, 2026 at 18:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Sonatype Nexus Repository Manager to version 3.93.0 or newer
  • If an upgrade is not possible, revoke or limit delegated repository‑administrator permissions until the patch is applied
  • Audit and remove any stored upstream proxy credentials that are no longer required

Generated by OpenCVE AI on June 18, 2026 at 18:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials.
Title Nexus Repository Manager - Incorrect Authorization allows credential disclosure via proxy repository configuration
First Time appeared Sonatype
Sonatype nexus Repository Manager
Weaknesses CWE-863
CPEs cpe:2.3:a:sonatype:nexus_repository_manager:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.10.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.11.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.12.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.12.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.13.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.14.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.15.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.15.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.15.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.16.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.16.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.16.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.17.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.18.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.18.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.19.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.19.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.20.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.20.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.21.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.21.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.21.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.22.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.22.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.23.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.24.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.25.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.25.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.26.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.26.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.27.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.28.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.28.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.29.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.29.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.30.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.30.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.31.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.31.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.32.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.32.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.33.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.33.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.34.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.34.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.35.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.36.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.37.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.37.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.37.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.37.3:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.38.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.38.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.39.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.40.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.40.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.41.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.41.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.42.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.43.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.44.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.45.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.45.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.46.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.47.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.47.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.48.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.49.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.50.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.51.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.52.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.53.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.53.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.54.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.54.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.55.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.56.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.57.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.57.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.58.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.58.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.59.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.60.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.61.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.62.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.63.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.64.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.65.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.66.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.67.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.67.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.68.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.68.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.69.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.70.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.70.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.70.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.70.3:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.70.4:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.70.5:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.71.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.72.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.73.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.74.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.75.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.75.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.76.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.76.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.77.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.78.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.78.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.79.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.8.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.80.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.81.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.82.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.83.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.83.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.83.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.84.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.84.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.84.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.85.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.85.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.86.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.86.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.86.3:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.87.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.87.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.87.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.88.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.89.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.89.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.9.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.90.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.90.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.90.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.90.3:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.91.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.91.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.92.0:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.92.1:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.92.2:*:*:*:*:*:*:*
cpe:2.3:a:sonatype:nexus_repository_manager:3.92.3:*:*:*:*:*:*:*
Vendors & Products Sonatype
Sonatype nexus Repository Manager
References
Metrics cvssV4_0

{'score': 5.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Sonatype Nexus Repository Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: Sonatype

Published:

Updated: 2026-06-17T19:37:16.584Z

Reserved: 2026-06-03T13:22:08.536Z

Link: CVE-2026-10741

cve-icon Vulnrichment

Updated: 2026-06-17T19:37:11.758Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T19:30:15Z

Weaknesses