Remote Code Execution Vulnerability in Sonatype Nexus Repository Manager
CVE-2020-15871

8.8 HIGH

Key Information:

Vendor: Sonatype

CVE Published: 31 July 2020

What is CVE-2020-15871?

A vulnerability in Sonatype Nexus Repository Manager OSS/Pro allows unauthorized users to execute arbitrary code on the server. The flaw is present in versions prior to 3.25.1 and could be exploited by an attacker to gain control over the repository server, potentially leading to unauthorized data access and manipulation. Users should update Nexus Repository Manager to the latest version to mitigate these risks.

References

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
