Shulou(Shulou.com)06/01 Report--

What is the vulnerability of Nexus Repository Manager code execution? aiming at this problem, this article introduces the corresponding analysis and answer in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible way.

0x00 vulnerability background

On April 02, 2020, 360CERT Monitoring found that Sonatype Security Team officially released a notice of a remote code execution vulnerability in Nexus Repository Manager 3.x. In the case of authentication, an attacker can cause remote code execution through JavaEL expression injection.

Nexus Repository is an open source warehouse management system, which provides richer functions on the basis of simple installation, configuration and use.

0x01 risk rating

360CERT assesses the vulnerability

Evaluation method, threat level, high risk impact area is general.

360CERT recommends that users update the Nexus Repository Manager version in a timely manner. Do a good job of asset self-check / self-test / prevention to avoid attack.

0x02 affects version

Nexus Repository Manager OSS/Pro:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.