Overview
Sonatype Nexus Repository Manager before version 3.15.0 contains a critical remote code execution vulnerability in the web interface caused by insufficient input validation. This vulnerability allows remote attackers to execute arbitrary code with the privileges of the Nexus process without requiring authentication. The vulnerability was disclosed on March 21, 2019. CISA has identified CVE-2019-7238 as exploited, but it is not currently known to be used in ransomware campaigns.
Technical details
Sonatype Nexus Repository Manager versions prior to 3.15.0 suffer from insufficient input validation in the web interface that allows unauthenticated remote attackers to execute arbitrary code. The vulnerability exists in how the application handles user-supplied input in certain parameters, likely related to expression language injection or similar template injection mechanisms. The flaw does not require authentication, making it a critical vulnerability accessible to any network-connected attacker.
The vulnerability is classified as CWE-94 (Improper Control of Generation of Code ('Code Injection')), CWE-917 (Expression Language Injection) and CWE-20 (Improper Input Validation).
The vulnerability has a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reflecting its critical severity.
Impact
Successful exploitation allows unauthenticated remote attackers to execute arbitrary code with the privileges of the Nexus process. This could lead to complete system compromise, unauthorized access to sensitive artifact repositories, modification or deletion of artifacts, lateral movement within the network, and potential use of the compromised server as a pivot point for further attacks. Organizations using Nexus as a critical component of their software supply chain are at significant risk.
Mitigation and workarounds
Upgrade Sonatype Nexus Repository Manager to version 3.15.0 or later. Users can download the latest version from the official Sonatype website at https://www.sonatype.com/download-oss-sonatype-nexus. After downloading the patched version, follow standard upgrade procedures: stop the Nexus service, back up the data directory, extract the new version, and restart the service. The following versions include the necessary fixes: 3.15.0, 3.15.1, 3.16.0 and later.
Temporary workarounds:
Restrict network access to the Nexus web interface using firewall rules, a WAF (web application firewall), or network access control lists (ACLs). Limit access to trusted IP addresses or networks only.
Implement a reverse proxy authentication/authorization layer in front of Nexus to add additional security controls and input validation before traffic reaches the vulnerable application.
Monitor network traffic and logs for suspicious requests containing potential injection payloads targeting the Nexus web interface.
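The following script is an added example, not code from the page or from Sonatype, that implements the last two workarounds as a log check: it parses access-log lines from a reverse proxy in front of Nexus, decodes the request path (including double-encoded variants) and flags requests that carry expression-language markers such as ${ or #{, or that come from outside the trusted source networks. The log format, the trusted networks and the sample log lines are all assumptions constructed for the example; the page does not name the vulnerable endpoint, so no endpoint-specific rule is included.

```python
import ipaddress
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real Nexus or proxy logs); the format
# is the common combined-style format emitted by many reverse proxies.
SAMPLE_LOG = """\
10.0.0.5 - - [21/Mar/2019:10:00:01 +0000] "GET /service/rest/v1/status HTTP/1.1" 200 512
10.0.0.9 - - [21/Mar/2019:10:00:02 +0000] "GET /repository/maven-public/org/example/lib/1.0/lib-1.0.pom HTTP/1.1" 200 2048
203.0.113.7 - - [21/Mar/2019:10:00:03 +0000] "GET /repository/maven-public/%24%7Bprobe%7D/ HTTP/1.1" 404 0
10.0.0.12 - - [21/Mar/2019:10:00:04 +0000] "GET /repository/maven-public/%2524%257Bprobe%257D HTTP/1.1" 404 0
this line is not in access-log format
"""

# Combined-style access-log line: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)

# Markers typical of expression-language / template injection attempts.
# Matched against the decoded path so percent-encoded forms are caught too.
INJECTION_RE = re.compile(r'\$\{|#\{|%\{|\{\{')

# Networks allowed to reach the Nexus web interface (assumed values for the example).
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_trusted(ip):
    """True if the client address falls inside one of the trusted networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETWORKS)


def decode_path(path, rounds=2):
    """Percent-decode the path up to `rounds` times to unwrap double encoding."""
    current = path
    for _ in range(rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def analyse(log_text):
    """Scan log text and return one finding per suspicious or unparsable line."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None:
            # Unparsable lines are reported rather than silently skipped, so
            # log tampering or format changes do not hide requests.
            findings.append({"line": lineno, "reason": "unparsable", "raw": line})
            continue
        reasons = []
        decoded = decode_path(rec["path"])
        if INJECTION_RE.search(decoded):
            reasons.append("injection-marker")
        if not is_trusted(rec["ip"]):
            reasons.append("untrusted-source")
        if reasons:
            findings.append({"line": lineno, "ip": rec["ip"], "path": decoded, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

Run against the embedded sample, the script flags line 3 for both an injection marker and an untrusted source, line 4 for a double-encoded marker from an otherwise trusted host, and line 5 as unparsable. In practice, point it at the proxy's real access log and feed findings to the SIEM; the source-network check is only meaningful when the proxy logs the real client address rather than an internal load balancer.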
CISA recommendation: Apply updates per vendor instructions.
Additional resources
Source: This report was generated by AI

