September 30, 2020

CVE-2020-15871: Nexus Repository Manager Code Execution Vulnerability Alert

1 min read

On August 3, 2020, the Sonatype Security Team released a risk notice for Nexus Repository Manager 3.x remote code execution vulnerability. The vulnerability number is CVE-2020-15871. The vulnerability level is serious and the vulnerability score is 9.6 points.

There is a remote code execution vulnerability in Sonatype Nexus Repository Manager 3 OSS/Pro before version 3.25.1. An authenticated remote attacker with appropriate permissions can use this vulnerability to affect arbitrary code execution.
CVE-2019-5475
Image: sonatype

Affected version

  • Nexus Repository Manager 3 OSS / Pro: <3.25.1

Unaffected version

  • Nexus Repository Manager 3 OSS / Pro: 3.25.1

Solution

In this regard, we recommend that users upgrade Nexus Repository Manager 3 OSS/Pro in time to avoid hacker attacks.