CVE-2020-13933: Nexus Repository Manager 2 & 3 – Shiro Authentication Bypass Vulnerability Alert
Nexus is a repository manager, and acts as a staging repository which “intercepts” artifacts uploaded by mvn deploy.
Thus artifacts can be safely deployed to Nexus as part of voting on a release. The vote takes place on the staged artifacts. If the vote succeeds, the artifacts can be promoted to the live repository. If it fails, the artifacts can be deleted, and the process can restart.
- Nexus Repository Manager 2 versions up to and including 2.14.18
- Nexus Repository Manager 3 versions up to and including 3.26.1
- Nexus Repository Manager 2 versions 2.14.19 and later
- Nexus Repository Manager 3 versions 3.27.0 and later