VYPR
Unrated severity · NVD Advisory · Published Apr 2, 2020 · Updated Aug 4, 2024

CVE-2020-11444

Description

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Nexus Repository Manager 3.x through 3.21.2 has incorrect access control, potentially allowing unauthorized actions.

Vulnerability

Sonatype Nexus Repository Manager versions 3.x up to and including 3.21.2 contain an incorrect access control vulnerability [1]. The flaw affects the built-in access control mechanisms, potentially allowing users to perform actions that should be restricted based on their assigned roles and privileges.

Exploitation

An attacker would need a valid user account on the affected Nexus Repository Manager instance. No unusual network position or race condition is required; the attacker can exploit the vulnerability through normal HTTP API calls or the web interface by sending crafted requests that bypass intended authorization checks.

Impact

If successfully exploited, an attacker with limited privileges could gain unauthorized access to repository management functions, read or modify repository content, or alter configuration settings. The specific impact depends on the privileges the attacker originally held and the exact nature of the access control bypass. This could lead to information disclosure, data manipulation, or privilege escalation within the Nexus application context.

Mitigation

Sonatype released a fixed version, Nexus Repository Manager 3.22.0, to address this issue [1]. Users running version 3.x prior to 3.22.0 should upgrade immediately. No effective workaround is available other than upgrading to the patched version.
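Added here as a triage helper, not part of the advisory: a version check that flags inventory entries inside the affected range stated above (3.x up to and including 3.21.2, fixed in 3.22.0). The host names and version strings in the sample inventory are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Range from the advisory: Nexus Repository Manager 3.x up to and including
# 3.21.2 is affected; 3.22.0 is the first fixed release.
LAST_AFFECTED = (3, 21, 2)
FIRST_FIXED = (3, 22, 0)

# Nexus 3 reports versions such as "3.21.2-03"; the "-NN" build number is
# ignored because the advisory names only major.minor.patch.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-\d+)?$")


def parse_version(version: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch), or None if the string is not a Nexus-style version."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True when the version is a 3.x release at or below 3.21.2.

    2.x releases return False only because this CVE is scoped to 3.x;
    the result says nothing about other advisories for the 2.x line."""
    parsed = parse_version(version)
    if parsed is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    return parsed[0] == 3 and parsed <= LAST_AFFECTED


def triage(inventory: Dict[str, str]) -> Tuple[List[str], List[str], List[str]]:
    """Split a {host: version} inventory into (affected, not affected, unparseable) host lists."""
    affected, not_affected, unknown = [], [], []
    for host, version in inventory.items():
        try:
            (affected if is_affected(version) else not_affected).append(host)
        except ValueError:
            unknown.append(host)  # needs manual review rather than silent pass
    return sorted(affected), sorted(not_affected), sorted(unknown)


# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE_INVENTORY = {
    "nexus-build.example": "3.21.2-03",   # last affected release
    "nexus-prod.example": "3.22.0-02",    # first fixed release
    "nexus-old.example": "3.9.0-01",      # older 3.x, affected
    "nexus-legacy.example": "2.14.20-04", # 2.x, out of scope for this CVE
    "nexus-unknown.example": "n/a",       # unparseable, flagged for review
}

if __name__ == "__main__":
    affected, not_affected, unknown = triage(SAMPLE_INVENTORY)
    print("affected:", affected)
    print("not affected:", not_affected)
    print("unknown:", unknown)
```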

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
