
[Vulnerability Advisory] Multiple high-severity vulnerabilities in Nexus Repository Manager 3.x

Description

Sonatype has disclosed multiple security vulnerabilities in its Nexus Repository Manager 3.x product line: CVE-2020-11444 (improper access control that lets an authenticated user change passwords without holding the required privileges), CVE-2020-10204 (Java EL expression injection leading to remote code execution) and CVE-2020-10199 (Java EL expression injection leading to remote code execution). None of the three is exploitable without credentials: CVE-2020-10199 and CVE-2020-11444 need only a valid low-privileged account, while Sonatype's advisory for CVE-2020-10204 states that the attacker must already hold administrator privileges. In practice, an attacker who obtains any valid account (for example through credential reuse or the password-change flaw) can reach code execution on the server.

Nexus Repository is an open-source repository manager commonly used to host private npm, Maven and other package registries, so a compromised instance sits directly in the software supply chain of everything that pulls from it.

Vulnerability IDs

CVE-2020-11444
CVE-2020-10204
CVE-2020-10199

Severity

High

Affected versions

Nexus Repository Manager OSS/Pro <= 3.21.1
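The following triage helper is an added example, not part of the original advisory and not Sonatype code. It decides whether an NXRM 3 instance falls inside the affected range (3.x up to and including 3.21.1). It assumes that NXRM 3 identifies itself in the HTTP "Server" response header as "Nexus/<major>.<minor>.<patch>-<build> (OSS|PRO)" and that the fix ships in 3.21.2, as stated in the Sonatype advisories listed under References; the header values embedded below are constructed for the example, not captured from real hosts.

```python
"""Version-range triage for the NXRM 3 advisory above.

Added example, not from the original advisory or from Sonatype. Assumptions:
  * NXRM 3 reports its version in the HTTP "Server" response header as
    "Nexus/<major>.<minor>.<patch>-<build> (OSS|PRO)"; the header values
    used below are constructed for this example, not captured from real hosts.
  * All three CVEs are fixed in 3.21.2 (per the Sonatype advisories under
    References), so 3.x up to and including 3.21.1 is treated as affected.
"""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

ADVISORY_CVES = ("CVE-2020-11444", "CVE-2020-10204", "CVE-2020-10199")
LAST_AFFECTED: Version = (3, 21, 1)   # Nexus Repository Manager OSS/Pro <= 3.21.1
FIXED_IN: Version = (3, 21, 2)

# Matches e.g. "Nexus/3.21.1-01 (OSS)"; the "-01" build number is optional.
_SERVER_RE = re.compile(r"\bNexus/(\d+)\.(\d+)\.(\d+)(?:-\d+)?", re.IGNORECASE)


def parse_nexus_version(server_header: Optional[str]) -> Optional[Version]:
    """Return (major, minor, patch) from a Server header value, or None when
    the header does not look like a Nexus banner.

    The build suffix ("-01") is ignored on purpose: every build of 3.21.1 is
    affected and every build of 3.21.2 is fixed, so it never changes the verdict.
    """
    match = _SERVER_RE.search(server_header or "")
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2)), int(match.group(3))


def is_affected(version: Version) -> bool:
    """True for any 3.x release at or below 3.21.1 (lexicographic tuple compare).

    NXRM 2.x is deliberately reported as not affected: this advisory covers
    only the 3.x line, so a 2.x host needs separate assessment.
    """
    return version[0] == 3 and version <= LAST_AFFECTED


def triage(server_header: Optional[str]) -> Dict[str, object]:
    """Combine banner parsing and the range check into one verdict record."""
    version = parse_nexus_version(server_header)
    if version is None:
        return {"version": None, "affected": False,
                "verdict": "not a Nexus 3 banner; confirm the version manually"}
    affected = is_affected(version)
    fixed = ".".join(map(str, FIXED_IN))
    return {
        "version": ".".join(map(str, version)),
        "affected": affected,
        "verdict": ("upgrade to %s or later (%s)" % (fixed, ", ".join(ADVISORY_CVES))
                    if affected else "outside the affected range"),
    }


if __name__ == "__main__":
    # Constructed sample banners (hypothetical, not real hosts).
    samples = [
        "Nexus/3.21.1-01 (OSS)",   # last affected release
        "Nexus/3.21.2-03 (OSS)",   # first fixed release
        "Nexus/3.19.1-01 (PRO)",   # older 3.x, affected
        "Nexus/2.14.20-02",        # NXRM 2, out of scope for this advisory
        "nginx/1.18.0",            # reverse proxy hiding the real banner
    ]
    for banner in samples:
        print("%-24s -> %s" % (banner, triage(banner)))
```

A banner that is hidden behind a reverse proxy, or a version check that only reads the Server header, is not proof of safety: when the helper reports "not a Nexus 3 banner", confirm the version from the administration UI or the package metadata of the installed instance before closing the finding.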

Verification

CVE-2020-11444: password change without the required privileges
(screenshot from the original advisory not reproduced here)
CVE-2020-10204: Java EL expression injection leading to remote code execution (command output returned to the attacker)
(screenshot from the original advisory not reproduced here)
CVE-2020-10199: Java EL expression injection leading to remote code execution (command output returned to the attacker)
(screenshot from the original advisory not reproduced here)

Remediation

Upgrade Nexus Repository Manager to 3.21.2 or later, the release in which Sonatype fixed all three issues. Until the upgrade is done, restrict who can hold valid accounts on the instance and review accounts and password changes for anything unexpected, since every one of these vulnerabilities starts from an authenticated session.

Timeline

[0] 2020/03/31 Sonatype discloses CVE-2020-10199 and CVE-2020-10204 on its support site
[1] 2020/04/02 Sonatype discloses CVE-2020-11444 on its support site
[2] 2020/04/07 AsiaInfo Security (亚信安全) Network Attack and Defense Lab analyzes and reproduces the vulnerabilities and publishes this advisory

Acknowledgements

Thanks to the following people who researched these issues together:
lufei
l1nk3r
r00t4dm
Ntears
pyn3rd

References

https://support.sonatype.com/hc/en-us/articles/360046133553-CVE-2020-11444-Nexus-Repository-Manager-3-Improper-Access-Controls-2020-04-02
https://support.sonatype.com/hc/en-us/articles/360044356194-CVE-2020-10204-Nexus-Repository-Manager-3-Remote-Code-Execution-2020-03-31
https://support.sonatype.com/hc/en-us/articles/360044882533-CVE-2020-10199-Nexus-Repository-Manager-3-Remote-Code-Execution-2020-03-31
https://www.cnblogs.com/magic-zero/p/12641068.html
