CVE-2020-10199
unknown
KEV
CVSS v3: —
CVSS v2: —
VIR risk: 1.5
Description
Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution.
CISA KEV
- Vendor: Sonatype
- Product: Nexus Repository
- Due date: 2022-05-03
Predictions
Exploit likelihood: 99%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cisa-kev — https://nvd.nist.gov/vuln/detail/CVE-2020-10199
Exploits
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.sonatype.nexus:nexus-extdirect | <3.21.2 | 3.21.2 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-10199
- https://cwe.mitre.org/data/definitions/917.html
- https://github.com/sonatype/nexus-public
- https://securitylab.github.com/advisories/GHSL-2020-015-nxrm-sonatype
- https://support.sonatype.com/hc/en-us/articles/360044882533
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-10199
- http://packetstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/160835/Sonatype-Nexus-3.21.1-Remote-Code-Execution.html