CVE-2020-15012
Description
A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk (that the user running nxrm also has access to).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A directory traversal vulnerability in Sonatype Nexus Repository Manager 2.x allows an unauthenticated attacker to read arbitrary files on the server.
Vulnerability
A directory traversal vulnerability exists in Sonatype Nexus Repository Manager 2.x versions prior to 2.14.19. The flaw allows a user to request a crafted path that traverses up the file system, enabling access to files on disk that the Nexus process has read permissions for. This affects all Nexus Repository Manager 2.x versions up to and including 2.14.18 [1].
Exploitation
An attacker with network access to a vulnerable Nexus Repository Manager instance can exploit this vulnerability by sending a specially crafted HTTP request containing path traversal sequences (e.g., ../). No authentication is required to trigger the issue. The attacker can then read arbitrary files from the server's file system, limited only by the permissions of the user running the Nexus application [1].
Impact
Successful exploitation allows an unauthenticated attacker to read sensitive files, including Nexus Repository Manager configuration files, which may contain credentials, repository metadata, or other protected content. The attacker gains access to any file the Nexus process user can read, potentially leading to further compromise of the system [1].
Mitigation
Sonatype released Nexus Repository Manager version 2.14.19 on October 8, 2020, which fixes this vulnerability. All users are strongly advised to upgrade to this version or later. No workarounds have been provided. The vulnerability is not known to be exploited in the wild as of the advisory date [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Sonatype/Nexus Repository Manager
- Range: >=2.0, <2.14.19
Patches
No patches discovered yet.
References
- [1] support.sonatype.com/hc/en-us/articles/360051068253 (mitre, x_refsource_CONFIRM)