CVE-2024-5082

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Nov 14, 2024 / Updated: 6d ago

CVSS 7.1 / EPSS 0.04% / High

A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

CVE Assignment

NVD published the first details for CVE-2024-5082

Nov 14, 2024 at 3:15 AM

CVSS

A CVSS base score of 7.1 has been assigned.

Nov 14, 2024 at 3:20 AM / nvd

First Article

Feedly found the first article mentioning CVE-2024-5082.

Nov 14, 2024 at 3:21 AM / Vulners.com RSS Feed

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 14, 2024 at 3:22 AM

CVSS

A CVSS base score of 4.3 has been assigned.

Nov 14, 2024 at 4:40 PM / nvd

EPSS

EPSS Score was set to: 0.04% (Percentile: 10.1%)

Nov 14, 2024 at 4:40 PM

Affected Systems

Sonatype/nexus

Attack Patterns

CAPEC-242: Code Injection

News

Sonatype Nexus Repository Manager Hit by RCE & XSS Vulnerability
Sonatype, the company behind the popular Nexus Repository Manager, has issued security advisories addressing two critical vulnerabilities affecting Nexus Repository 2.x OSS/Pro versions. These vulnerabilities, identified as CVE-2024-5082 and CVE-2024-5083, could potentially allow attackers to exploit the system through remote code execution (RCE) and cross-site scripting (XSS) attacks. All previous versions up to and including 2.15.1 are affected, […]
Sonatype Nexus Repository Manager Hit By RCE & XSS Vulnerability
The first vulnerability, CVE-2024-5082, is a remote code execution (RCE) flaw that affects all Sonatype Nexus Repository Manager 2.x OSS/Pro versions up to and including 2.15.1. Sonatype has disclosed two significant vulnerabilities in a critical security update released on November 13, 2024, affecting their Nexus Repository Manager 2.x versions.
Sonatype Nexus Repository 2 Hit By RCE (CVE-2024-5082) and XSS (CVE-2024-5083) Flaws
Sonatype has issued two security advisories for its Nexus Repository Manager 2.x, a popular repository manager used by organizations worldwide to store and distribute software artifacts, warning users of two newly discovered vulnerabilities that demand immediate action. This vulnerability allows attackers to inject malicious scripts into maven artifacts.
NA - CVE-2024-5082 - A Remote Code Execution vulnerability has been...
A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability Impact: None
