CVE-2021-43961
Description
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Sonatype Nexus Repository Manager 3.36.0 allows HTML injection via unspecified input fields, potentially enabling phishing or credential theft.
Vulnerability
Sonatype Nexus Repository Manager version 3.36.0 is affected by an HTML injection vulnerability [1]. The official description states only that the software "allows HTML Injection" [1], meaning that user-supplied data is rendered in a web page context without proper sanitization. The description does not name the affected component; the flaw likely resides in a component that renders user input without escaping HTML metacharacters.
Exploitation
An attacker needs to be able to submit crafted input to a vulnerable endpoint in the Nexus web UI. The description does not state whether authentication is required, which leaves open the possibility that the injection point lies in an unauthenticated area such as a login page, error message, or search form. Specially crafted strings submitted to such an endpoint would be echoed back to other users as arbitrary HTML markup, because the input is not sanitized before rendering.
Impact
Successful exploitation allows an attacker to inject arbitrary HTML content into a page served by the repository manager. This can be used for phishing attacks, credential harvesting (by presenting a fake login form), or defacement. The impact is limited to HTML injection; the attacker does not gain direct access to the server or stored data, but can potentially steal session cookies or authentication tokens from users visiting the injected page.
Mitigation
Sonatype has not disclosed a fix or a patched version in the available references [1]. Users should monitor the vendor's security advisories for a corrected release. As a workaround, ensure that the repository manager is not directly exposed to untrusted networks, and restrict access to trusted users only. If the referenced material is outdated, contact Sonatype support for current guidance.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 3.36.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- issues.sonatype.org/secure/ReleaseNote.jspa [x_refsource_MISC]
- support.sonatype.com/hc/en-us/articles/4412183372307 [x_refsource_MISC]
News mentions
No linked articles in our index yet.