Sonatype Identifies Vulnerabilities in Nexus Repository Manager
Sonatype reveals critical vulnerabilities in Nexus Repository Manager. Sonatype has announced two serious vulnerabilities, CVE-2024-5082 and CVE-2024-5083, in Nexus Repository Manager 2.x, following a security update on November 13, 2024. The first allows remote code execution through malicious Maven artifacts; the second enables stored cross-site scripting that could potentially compromise administrator privileges. Although no active exploitation has been reported, Sonatype urges users to upgrade to version 2.15.2 immediately or to apply temporary mitigations such as custom Web Application Firewall rules or specific Nginx configurations. The company stresses the importance of keeping software up to date to guard against potential attacks, and points to the disclosure as part of its proactive vulnerability management on behalf of users.