Monday, November 18, 2024
HomeCVE/vulnerabilitySonatype Nexus Repository Manager Hit by RCE & XSS Vulnerability

Sonatype Nexus Repository Manager Hit by RCE & XSS Vulnerability

Published on

Sonatype, the company behind the popular Nexus Repository Manager, has issued security advisories addressing two critical vulnerabilities affecting Nexus Repository 2.x OSS/Pro versions.

These vulnerabilities, identified as CVE-2024-5082 and CVE-2024-5083, could potentially allow attackers to exploit the system through remote code execution (RCE) and cross-site scripting (XSS) attacks.

All previous versions up to and including 2.15.1 are affected, and users are strongly urged to upgrade to version 2.15.2 for protection.

- Advertisement - SIEM as a Service

Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders - Attend Free Webinar

CVE-2024-5082: Remote Code Execution (RCE)

CVE-2024-5082 is a critical vulnerability that could allow an attacker to perform remote code execution in Nexus Repository Manager 2.x.

By publishing a specially crafted Maven artifact with a payload, the attacker could execute malicious code when the artifact is downloaded by any user or system interacting with the repository.

Affected Versions

  • All versions of Sonatype Nexus Repository Manager 2.x OSS/Pro up to and including 2.15.1.

Fixed Version

  • The issue has been addressed in Sonatype Nexus Repository Manager 2.x OSS/Pro version 2.15.2.

This vulnerability poses a serious threat, as an attacker could gain control of the system by executing arbitrary code.

Although Sonatype has not yet observed any active exploitation in the wild, the severity of the vulnerability necessitates immediate action.

Users are strongly advised to upgrade to Nexus Repository Manager version 2.15.2. If upgrading is not immediately possible, Sonatype has provided a custom Web Application Firewall (WAF) rule as a temporary mitigation option to reduce the risk of exploitation.

CVE-2024-5083: Stored Cross-Site Scripting (XSS)

In addition to the RCE vulnerability, Sonatype also disclosed CVE-2024-5083, a stored cross-site scripting (XSS) vulnerability.

This flaw allows an attacker to publish a Maven artifact embedded with malicious XSS payloads.

If an administrator or another user with privileged access views the artifact in their browser, the attacker could execute unwanted actions with the privileges of the administrator’s account.

Affected Versions

  • All versions of Sonatype Nexus Repository Manager 2.x OSS/Pro up to and including 2.15.1.

Fixed Version

  • The issue has been fixed in version 2.15.2 of Nexus Repository Manager.

Stored XSS attacks can compromise the security of administrative sessions, potentially allowing attackers to manipulate repository settings, gain unauthorized access, or exfiltrate sensitive data. Although no active exploitation has been reported, the potential impact is significant.

As with the RCE vulnerability, Sonatype advises upgrading to version 2.15.2. If upgrading is not possible, administrators can use the provided Nginx configuration to mitigate the risk of XSS attacks.

Sonatype has reiterated that Nexus Repository Manager 2.x is currently under Extended Maintenance, and they recommend migrating to Nexus Repository 3 for continued security updates and feature improvements.

For users unable to migrate immediately, the company strongly encourages upgrading to version 2.15.2 to secure their deployments.

Simplify and speed up Threat Analysis Workflow by Auto-detonating Cyber Attacks in a Malware sandbox

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability

Zohocorp, the company behind ManageEngine, has released a security update addressing a critical SQL...

Citrix Virtual Apps & Desktops Zero-Day Vulnerability Exploited in the Wild

A critical new vulnerability has been discovered in Citrix’s Virtual Apps and Desktops solution,...

GeoVision 0-Day Vulnerability Exploited in the Wild

Cybersecurity researchers have detected the active exploitation of a zero-day vulnerability in GeoVision devices,...

Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitrary Code Remotely

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability

Zohocorp, the company behind ManageEngine, has released a security update addressing a critical SQL...

Citrix Virtual Apps & Desktops Zero-Day Vulnerability Exploited in the Wild

A critical new vulnerability has been discovered in Citrix’s Virtual Apps and Desktops solution,...

GeoVision 0-Day Vulnerability Exploited in the Wild

Cybersecurity researchers have detected the active exploitation of a zero-day vulnerability in GeoVision devices,...