New Vulnerability in Sonatype Nexus Repository Manager

Sonatype.com


Until 2.14.19, a Directory Traversal problem was noticed in Sonatype Nexus Repository Manager 2.x. A user demanding a constructed route will navigate the file system to obtain access to disk content (which is also available by the user running nxrm).

Type:

CVE-2020-15012

Solution:

Upgrade your software to 2.14.19 version and higher

Sources:

CveMitre
Exploit-db
UndercodeNews