CVE-2020-10199 | Nexus Repository Manager Remote Code Execution Vulnerability Advisory

Published: 2020-04-02

0x00 Vulnerability Overview


CVE ID: CVE-2020-10199

Date: 2020-04-02

Type: Remote code execution

Severity: High

Remotely exploitable: Yes

Affected versions: Nexus Repository Manager OSS/Pro 3.x <= 3.21.1



0x01 Vulnerability Details




Sonatype Nexus is a repository management system for Maven. It provides powerful repository management, artifact search and other features, and can be used to set up a private Maven repository server that proxies remote repositories while maintaining local repositories, saving bandwidth and time.


In Nexus Repository Manager OSS/Pro 3.21.1 and earlier, an authenticated attacker can achieve remote code execution through JavaEL expression injection and gain system privileges.


0x02 Remediation Recommendations


¸üРNexus Repository Manager µ½3.21.2»ò¸ü¸ß°æ±¾£º

https://help.sonatype.com/repomanager3/download/
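
To find which instances still need this update, the following added example (not part of the original advisory or Sonatype's code) triages an inventory against the affected range stated above. It assumes version strings of the form "3.21.1-01", optionally inside a Server header value such as "Nexus/3.21.1-01 (OSS)"; the hostnames and values are constructed.

```python
import re

# Range from the advisory: 3.x releases up to and including 3.21.1 are
# affected; 3.21.2 is the first fixed release.
LAST_AFFECTED = (3, 21, 1)

# Assumption: versions look like "3.21.1-01", optionally wrapped in a
# Server header value such as "Nexus/3.21.1-01 (OSS)".
_VERSION_RE = re.compile(r"(?:Nexus/)?(\d+)\.(\d+)\.(\d+)(?:-\d+)?")


def parse_version(text):
    """Return (major, minor, patch) as integers, or None if none is found."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(g) for g in m.groups()) if m else None


def classify(text):
    """Classify one inventory entry against the CVE-2020-10199 range."""
    version = parse_version(text)
    if version is None:
        return "unknown"        # cannot decide automatically: check by hand
    if version[0] != 3:
        return "out-of-scope"   # the advisory only covers the 3.x line
    # Tuple comparison is numeric, so 3.9.0 correctly sorts before 3.21.1
    # (a plain string comparison would get this wrong).
    return "affected" if version <= LAST_AFFECTED else "fixed"


def triage(inventory):
    """Map host -> status for a dict of host -> version or header string."""
    return {host: classify(value) for host, value in inventory.items()}


# Constructed sample inventory (hostnames and values are made up).
SAMPLE = {
    "repo-a.example.internal": "Nexus/3.21.1-01 (OSS)",
    "repo-b.example.internal": "3.21.2-03",
    "repo-c.example.internal": "Nexus/3.9.0-01 (PRO)",
    "repo-d.example.internal": "2.14.16-01",
    "repo-e.example.internal": "",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```
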


0x03 Related News


https://support.sonatype.com/hc/en-us/articles/360044882533


0x04 Reference Links


https://nvd.nist.gov/vuln/detail/CVE-2020-10199


0x05 Timeline


2020-03-31 Sonatype officially published the vulnerability advisory

2020-04-01 The CVE entry for this vulnerability was published