Critical security vulnerability in NXRM 3.x versions up to 3.14



Affected Versions: Nexus Repository Manager 3.6.2 OSS/Pro versions up to and including 3.14.0
Fixed in Version: Nexus Repository Manager OSS/Pro version 3.15.0

Sonatype has become aware of active exploitation of a previously announced security vulnerability, and recommends immediate upgrade of affected NXRM 3.x instances. (NXRM 2.x instances are not affected.)

Information about the vulnerability was previously published in the Sonatype security knowledge base at:

Instances of Repository Manager that are publicly accessible on the internet are at extreme risk of exploitation. Instances that are not publicly accessible are at lower risk, but remain exposed to insider threat.

We recommend immediate upgrade of vulnerable versions of Nexus Repository Manager to version 3.15.2.