CVE-2020-15012: Nexus Repository Manager 2 Directory Traversal Vulnerability Alert

On October 8, 2020, a risk notice was issued for a directory traversal vulnerability in Nexus Repository Manager 2. The vulnerability is tracked as CVE-2020-15012 and is rated high risk. By sending specially constructed requests, a remote attacker can traverse directories and leak sensitive data files.

Vulnerability Detail

A security vulnerability (CVE-2020-15012) has been discovered in Nexus Repository Manager requiring immediate action. The vulnerability allows for directory traversal, exposing arbitrary files to users. This advisory provides the pertinent information needed to properly address this vulnerability, along with the details on how to reach us if you have any further questions or concerns.

This vulnerability was identified by an external researcher and has been verified by our security team. We are not aware of any active exploits taking advantage of this issue.

Affected version

  • sonatype:nexus repository manager 2: <=2.14.18

Solution

We recommend that users upgrade Nexus Repository Manager 2 to the latest version in a timely manner.