Sonatype Nexus Repository Manager High Severity Vulnerability Advisory

Date: April 2, 2020
Affected Versions: Nexus Repository Manager 3.x up to and including 3.21.2
Fixed in Version: 3.22.0

An Improper Access Control vulnerability has been discovered in Nexus Repository Manager 3: an authenticated user can change other users' configuration. We have mitigated the issue in version 3.22.0. See the knowledge base article for more details.

We recommend that all instances of NXRM 3.x be upgraded to 3.22.0 or later as soon as possible.

Credit:

The vulnerability was discovered and reported by David Lindner (@golfhackerdave). Thank you!