Beyond Security Blog

Nexus Repository Manager 3 – Remote Code Execution Vulnerability

Details

A Remote Code Execution vulnerability has been discovered in Nexus Repository Manager requiring immediate action. The vulnerability allows an attacker with any type of account on NXRM to execute arbitrary code by crafting a malicious request to NXRM. We have mitigated the issue by adjusting the configuration of the third-party library that allowed for this attack. This advisory provides the pertinent information needed to properly address this vulnerability, along with the details on how to reach us if you have any further questions or concerns.

This vulnerability was identified by an external researcher and has been verified by our security team. We are not aware of any active exploits taking advantage of this issue.

The identified vulnerability allows an authenticated user to have any code they send evaluated on the system, with whatever privileges the account running the server holds.

Vulnerable Systems:

Sonatype Nexus Repository before 3.21.2
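A quick way to turn the "before 3.21.2" statement into an inventory check is to compare versions numerically rather than as strings (a string comparison would rank 3.9.0 above 3.21.2). The script below is an added example, not code from Sonatype or Beyond Security; it assumes NXRM version strings take the form `MAJOR.MINOR.PATCH-BUILD` (for example `3.21.1-01`) and that the advisory covers only the 3.x product line, both of which are assumptions rather than facts stated on this page. The host inventory is constructed sample data.

```python
"""Flag Nexus Repository Manager 3 instances affected by CVE-2020-10199.

Added example, not vendor code. Assumes NXRM version strings look like
"3.21.1-01" (major.minor.patch, optional "-NN" build number); the build
number is ignored because the fix boundary (3.21.2) is at the patch level.
"""
import re
from typing import Dict, List, Tuple

# The advisory states versions before 3.21.2 are vulnerable.
FIXED_VERSION: Tuple[int, int, int] = (3, 21, 2)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH[-BUILD]' into a tuple of ints.

    Tuples compare element-wise, so (3, 9, 0) < (3, 21, 2) as intended,
    whereas the strings '3.9.0' and '3.21.2' would compare the wrong way.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised NXRM version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups()[:3])
    return (major, minor, patch)


def is_vulnerable(text: str) -> bool:
    """True when the version is a 3.x release earlier than 3.21.2."""
    version = parse_version(text)
    if version[0] != 3:
        # Assumption: the advisory is scoped to the NXRM 3 line only.
        return False
    return version < FIXED_VERSION


# Constructed sample inventory (hostname -> reported version); not real hosts.
INVENTORY: Dict[str, str] = {
    "nexus-build.example.test": "3.20.1-01",
    "nexus-dev.example.test": "3.9.0-01",
    "nexus-prod.example.test": "3.21.2-03",
    "nexus-new.example.test": "3.22.0-02",
}


def affected_hosts(inventory: Dict[str, str]) -> List[str]:
    """Return the sorted list of hosts whose version is affected."""
    return sorted(host for host, ver in inventory.items() if is_vulnerable(ver))


if __name__ == "__main__":
    for host in affected_hosts(INVENTORY):
        print(f"{host}: {INVENTORY[host]} is affected by CVE-2020-10199; "
              f"upgrade to 3.21.2 or later")
```

Feed `affected_hosts` the versions reported by your own inventory tooling; a version string that does not match the assumed format raises rather than silently passing, so unexpected formats surface instead of being counted as safe.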

CVE Information:

CVE-2020-10199

Disclosure Timeline:
Published Date: 04/08/2020

SecuriTeam

SecuriTeam is a small group within Beyond Security dedicated to bringing you the latest news and utilities in computer security.
