CVE-2020-15012 | Nexus Repository Manager 2 Directory Traversal Vulnerability Advisory

Published: 2020-10-09

0x00 Vulnerability Overview

CVE ID: CVE-2020-15012

Date: 2020-10-09

Type: Directory traversal

Severity: High

Remote exploitation:

Affected versions: Nexus Repository Manager 2 <=2.14.18

Nexus Repository is an open-source repository management system that offers a richer feature set while remaining simple to install, configure and use. It is one of the tools used to build Maven mirrors and is widely used worldwide.

0x01 Vulnerability Details


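On October 8, 2020, Sonatype published a security advisory: Nexus Repository Manager 2 contains a directory traversal vulnerability, tracked as CVE-2020-15012. An attacker who successfully exploits this vulnerability may perform directory traversal to read sensitive data files and expose arbitrary files to users. To exploit it, however, the attacker must have network access to the Nexus Repository Manager instance in order to view configuration files or protected content.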

0x02 Remediation

The vendor has released a security update. Upgrading Nexus Repository Manager 2 to the latest version, 2.14.19, is recommended:

Download link:

https://help.sonatype.com/repomanager2/download
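
The following is an added example, not part of the original advisory or Sonatype's tooling: it triages an inventory of Nexus version strings against the affected range (<=2.14.18) and the fixed release (2.14.19), comparing components numerically so that a release such as 2.9.2 is not mistaken for newer than 2.14.19. The hostnames, the sample versions and the optional "-NN" build suffix format are assumptions.

```python
import re

FIXED = (2, 14, 19)  # first fixed release named in the advisory
# Assumed inventory format: MAJOR.MINOR.PATCH with an optional -NN build suffix.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+))?$")


def classify(version):
    """Return 'affected', 'fixed', 'out-of-scope' or 'unknown' for one version string."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unknown"  # unparseable: needs manual review, never assumed safe
    major, minor, patch = (int(g) for g in m.groups()[:3])
    if major != 2:
        return "out-of-scope"  # the advisory covers Nexus Repository Manager 2 only
    # Tuple comparison is numeric, so (2, 9, 2) < (2, 14, 19) holds as it should.
    return "affected" if (major, minor, patch) < FIXED else "fixed"


def triage(inventory):
    """Group hosts by classification so 'affected' and 'unknown' are handled first."""
    report = {"affected": [], "fixed": [], "out-of-scope": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        report[classify(version)].append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "nexus-a.example.internal": "2.14.18-01",
    "nexus-b.example.internal": "2.14.19-01",
    "nexus-c.example.internal": "2.9.2",
    "nexus-d.example.internal": "3.28.0-01",
    "nexus-e.example.internal": "2.14.x",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:13} {', '.join(hosts) or '-'}")
```
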

0x03 References

https://support.sonatype.com/hc/en-us/articles/360051068253-CVE-2020-15012-Nexus-Repository-Manager-2-Directory-Traversal-2020-10-08

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15012

0x04 Timeline

2020-10-08  Sonatype published its security advisory

2020-10-09  VSRC published this security advisory