ID AKB:C196A2CA-11B5-4498-B323-5D755C3DB615
Type attackerkb
Reporter AttackerKB
Modified 2020-09-17T19:30:07


Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.

Recent assessments:

ericalexanderorg at 2020-04-03T13:18:21.103807Z reported: Wording on this and alludes to an authenticated RCE, but they consider an anonymous user authenticated. Nexus servers store artifacts that could be altered to pivot elsewhere. This will be a high when a PoC surfaces; for now I'm going lower. The number of much older versions (that also have vulnerabilities) in Shodan suggests many organizations are not keeping up with patching.

Assessed Attacker Value: 3
Assessed Exploitability: 1