CVE-2021-42568
Description
Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Sonatype Nexus Repository Manager 3.x through 3.35.0 allows low-privileged users to access the SSL Certificates Loading function, potentially leading to exposure of certificate data.
Vulnerability
Sonatype Nexus Repository Manager versions 3.x through 3.35.0 contain an improper access control vulnerability in the SSL Certificates Loading function. The function is accessible to users with low-privileged accounts, meaning that authorization is not properly enforced to restrict access to this administrative feature [1].
Exploitation
An attacker requires only a valid low-privileged account on the Nexus Repository Manager instance. No additional network position or user interaction is needed beyond normal authentication. The attacker can simply navigate to the SSL Certificates Loading function via the web interface and access the functionality [1].
Impact
Successful exploitation allows the attacker to access the SSL certificates stored on the server. This could lead to exposure of sensitive certificate data, potentially enabling further attacks such as man-in-the-middle decryption or impersonation of services [1].
Mitigation
As of the publication date, no official patch or fixed version has been released by Sonatype. Administrators should review their Nexus Repository Manager configurations and restrict access to the SSL Certificates Loading function through other means, such as network segmentation or strict user role management. Upgrading to a future version beyond 3.35.0 is recommended once available [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Sonatype/Nexus Repository Manager (source: description)
- Range: >=3.0, <=3.35.0
Patches
No patches discovered yet.
References
- support.sonatype.com (mitre, x_refsource_MISC)
- support.sonatype.com/hc/en-us/articles/4408801690515-CVE-2021-42568-Nexus-Repository-Manager-3-Incorrect-Access-Control-October-27-2021 (mitre, x_refsource_MISC)