CVE-2022-27907: 
Sonatype Nexus 3 vulnerability analysis and mitigation

A Server-Side Request Forgery (SSRF) vulnerability was discovered in Sonatype Nexus Repository Manager 3.x versions up to and including 3.37.3, identified as CVE-2022-27907. The vulnerability was disclosed on March 30, 2022, and affects the Nexus Repository Manager software platform (Sonatype Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability requires network access and low privileges to exploit, requires no user interaction, has unchanged scope, and can impact confidentiality but not integrity or availability (NVD).

The vulnerability could potentially lead to network enumeration capabilities when successfully exploited. An authenticated attacker could perform network enumeration through Server-Side Request Forgery (Sonatype Advisory).

The vulnerability has been fixed in Nexus Repository 3 version 3.38.0 and later releases. Organizations are strongly recommended to upgrade all instances of Nexus Repository 3 to version 3.38.0 or later to address this vulnerability (Sonatype Advisory).