On August 3, 2020, the Sonatype Security Team released a risk notice for Nexus Repository Manager 3.x remote code execution vulnerability. The vulnerability number is CVE-2020-15871. The vulnerability level is serious and the vulnerability score is 9.6 points.
There is a remote code execution vulnerability in Sonatype Nexus Repository Manager 3 OSS/Pro before version 3.25.1. An authenticated remote attacker with appropriate permissions can use this vulnerability to affect arbitrary code execution.
Nexus Repository Manager 3 OSS / Pro: <3.25.1
Nexus Repository Manager 3 OSS / Pro: 3.25.1
In this regard, we recommend that users upgrade Nexus Repository Manager 3 OSS/Pro in time to avoid hacker attacks.