Remote Code Execution vulnerability discovered in Nexus Repository 2
CVE-2024-5082

Currently unrated

Key Information:

Vendor: Sonatype
Status: Nexus Repository
Vendor: CVE Published:; 14 November 2024

🔔 Create Sonatype Vulnerability Alert

What is CVE-2024-5082?

A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2.

This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.

Affected Version(s)

Nexus Repository 2.0.0 <= 2.15.1

References

https://support.sonatype.com/hc/en-us/articles/3069412538...

vendor-advisory

EPSS Score

6% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2024
Vulnerability Reserved
May 17, 2024

Credit

Michael Stepankin at GitHub Security Lab

.