Sonatype Nexus Repository Manager Hit by RCE & XSS Vulnerability

Sonatype, the company behind the popular Nexus Repository Manager, has issued security advisories addressing two critical vulnerabilities affecting Nexus Repository 2.x OSS/Pro versions.

These vulnerabilities, identified as CVE-2024-5082 and CVE-2024-5083, could potentially allow attackers to exploit the system through remote code execution (RCE) and cross-site scripting (XSS) attacks.

All previous versions up to and including 2.15.1 are affected, and users are strongly urged to upgrade to version 2.15.2 for protection.

Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders - Attend Free Webinar

CVE-2024-5082: Remote Code Execution (RCE)

CVE-2024-5082 is a critical vulnerability that could allow an attacker to perform remote code execution in Nexus Repository Manager 2.x.

By publishing a specially crafted Maven artifact with a payload, the attacker could execute malicious code when the artifact is downloaded by any user or system interacting with the repository.

Affected Versions

• All versions of Sonatype Nexus Repository Manager 2.x OSS/Pro up to and including 2.15.1.

Fixed Version

• The issue has been addressed in Sonatype Nexus Repository Manager 2.x OSS/Pro version 2.15.2.

This vulnerability poses a serious threat, as an attacker could gain control of the system by executing arbitrary code.

Although Sonatype has not yet observed any active exploitation in the wild, the severity of the vulnerability necessitates immediate action.

Users are strongly advised to upgrade to Nexus Repository Manager version 2.15.2. If upgrading is not immediately possible, Sonatype has provided a custom Web Application Firewall (WAF) rule as a temporary mitigation option to reduce the risk of exploitation.

CVE-2024-5083: Stored Cross-Site Scripting (XSS)

In addition to the RCE vulnerability, Sonatype also disclosed CVE-2024-5083, a stored cross-site scripting (XSS) vulnerability.

This flaw allows an attacker to publish a Maven artifact embedded with malicious XSS payloads.

If an administrator or another user with privileged access views the artifact in their browser, the attacker could execute unwanted actions with the privileges of the administrator’s account.

Affected Versions

• All versions of Sonatype Nexus Repository Manager 2.x OSS/Pro up to and including 2.15.1.

Fixed Version

• The issue has been fixed in version 2.15.2 of Nexus Repository Manager.

Stored XSS attacks can compromise the security of administrative sessions, potentially allowing attackers to manipulate repository settings, gain unauthorized access, or exfiltrate sensitive data. Although no active exploitation has been reported, the potential impact is significant.

As with the RCE vulnerability, Sonatype advises upgrading to version 2.15.2. If upgrading is not possible, administrators can use the provided Nginx configuration to mitigate the risk of XSS attacks.

Sonatype has reiterated that Nexus Repository Manager 2.x is currently under Extended Maintenance, and they recommend migrating to Nexus Repository 3 for continued security updates and feature improvements.

For users unable to migrate immediately, the company strongly encourages upgrading to version 2.15.2 to secure their deployments.

Simplify and speed up Threat Analysis Workflow by Auto-detonating Cyber Attacks in a Malware sandbox