VYPR
Severity: Unrated · NVD Advisory · Published Jul 31, 2020 · Updated Aug 4, 2024

CVE-2020-15869

Description

Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Sonatype Nexus Repository Manager OSS/Pro before 3.25.1 allowed stored XSS due to insufficient input sanitization.

Vulnerability

Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 are affected by a stored cross-site scripting (XSS) vulnerability [1]. The bug resides in the application's handling of user-supplied input, where insufficient sanitization permits injection of arbitrary JavaScript into repository metadata or configuration fields that are later rendered in the administrative web interface.

Exploitation

An attacker requires authenticated access to the Nexus Repository Manager with privileges to modify repository settings or upload components containing metadata. The attacker crafts a payload containing malicious script tags embedded in fields such as repository name, description, or asset attributes. When an administrator or other user views the affected page, the script executes in the context of the victim's session.

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript within the context of the victim's browser session. This can lead to session hijacking, credential theft, or performing administrative actions on behalf of the victim, depending on the privileges of the victim's account.

Mitigation

Sonatype Nexus Repository Manager OSS/Pro version 3.25.1 and later contain the fix for this vulnerability [1]. Users must upgrade to 3.25.1 or a newer release. No workarounds are documented in the available reference.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet

References: 2

News mentions: 0 (no linked articles in the index yet)