Decrypt LOL


Sonatype Identifies Vulnerabilities in Nexus Repository Manager


Sonatype reveals critical vulnerabilities in Nexus Repository Manager.

Sonatype has announced two serious vulnerabilities, CVE-2024-5082 and CVE-2024-5083, in Nexus Repository Manager 2.x, following a security update on November 13, 2024. The first vulnerability allows remote code execution through malicious Maven artifacts, while the second enables stored cross-site scripting, potentially compromising administrator privileges.

Although no active exploits have been reported, Sonatype urges users to upgrade to version 2.15.2 immediately or implement temporary mitigation measures, such as custom Web Application Firewall rules or specific Nginx configurations. The company emphasizes the importance of maintaining updated software to safeguard against potential attacks, highlighting its commitment to user security through proactive vulnerability management.