CVE-2021-43293: 
Sonatype Nexus 3 vulnerability analysis and mitigation

Sonatype Nexus Repository Manager 3.x before version 3.36.0 contains a Server Side Request Forgery (SSRF) vulnerability that allows remote authenticated attackers to perform network enumeration. The vulnerability was disclosed on November 4, 2021 and affects all versions of Nexus Repository Manager 3.x up to version 3.35.0 (NVD).

The vulnerability is classified as a Server-Side Request Forgery (SSRF) issue (CWE-918). It has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability requires network access and low-level privileges to exploit, requires no user interaction, has unchanged scope, and can impact confidentiality but not integrity or availability (NVD).

The vulnerability allows authenticated attackers to perform network enumeration through Server Side Request Forgery. This could potentially lead to the disclosure of sensitive information about the internal network structure (NVD).

The recommended mitigation is to upgrade all instances of Nexus Repository Manager to version 3.36.0 or later. The vulnerability has been fixed in this version (Sonatype Advisory).