Saturday, December 7, 2024
HomeCVE/vulnerabilitySonatype Nexus Repository Manager Hit by RCE & XSS Vulnerability

Sonatype Nexus Repository Manager Hit by RCE & XSS Vulnerability

Published on

SIEM as a Service

Sonatype, the company behind the popular Nexus Repository Manager, has issued security advisories addressing two critical vulnerabilities affecting Nexus Repository 2.x OSS/Pro versions.

These vulnerabilities, identified as CVE-2024-5082 and CVE-2024-5083, could potentially allow attackers to exploit the system through remote code execution (RCE) and cross-site scripting (XSS) attacks.

All previous versions up to and including 2.15.1 are affected, and users are strongly urged to upgrade to version 2.15.2 for protection.

- Advertisement - SIEM as a Service

Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders - Attend Free Webinar

CVE-2024-5082: Remote Code Execution (RCE)

CVE-2024-5082 is a critical vulnerability that could allow an attacker to perform remote code execution in Nexus Repository Manager 2.x.

By publishing a specially crafted Maven artifact with a payload, the attacker could execute malicious code when the artifact is downloaded by any user or system interacting with the repository.

Affected Versions

  • All versions of Sonatype Nexus Repository Manager 2.x OSS/Pro up to and including 2.15.1.

Fixed Version

  • The issue has been addressed in Sonatype Nexus Repository Manager 2.x OSS/Pro version 2.15.2.

This vulnerability poses a serious threat, as an attacker could gain control of the system by executing arbitrary code.

Although Sonatype has not yet observed any active exploitation in the wild, the severity of the vulnerability necessitates immediate action.

Users are strongly advised to upgrade to Nexus Repository Manager version 2.15.2. If upgrading is not immediately possible, Sonatype has provided a custom Web Application Firewall (WAF) rule as a temporary mitigation option to reduce the risk of exploitation.

CVE-2024-5083: Stored Cross-Site Scripting (XSS)

In addition to the RCE vulnerability, Sonatype also disclosed CVE-2024-5083, a stored cross-site scripting (XSS) vulnerability.

This flaw allows an attacker to publish a Maven artifact embedded with malicious XSS payloads.

If an administrator or another user with privileged access views the artifact in their browser, the attacker could execute unwanted actions with the privileges of the administrator’s account.

Affected Versions

  • All versions of Sonatype Nexus Repository Manager 2.x OSS/Pro up to and including 2.15.1.

Fixed Version

  • The issue has been fixed in version 2.15.2 of Nexus Repository Manager.

Stored XSS attacks can compromise the security of administrative sessions, potentially allowing attackers to manipulate repository settings, gain unauthorized access, or exfiltrate sensitive data. Although no active exploitation has been reported, the potential impact is significant.

As with the RCE vulnerability, Sonatype advises upgrading to version 2.15.2. If upgrading is not possible, administrators can use the provided Nginx configuration to mitigate the risk of XSS attacks.

Sonatype has reiterated that Nexus Repository Manager 2.x is currently under Extended Maintenance, and they recommend migrating to Nexus Repository 3 for continued security updates and feature improvements.

For users unable to migrate immediately, the company strongly encourages upgrading to version 2.15.2 to secure their deployments.

Simplify and speed up Threat Analysis Workflow by Auto-detonating Cyber Attacks in a Malware sandbox

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...