Today, an article was brought to our attention suggesting that a new attack tactic is targeting an old vulnerability in Sonatype Nexus Repository 3: CVE-2019-7238.
When the vulnerability was flagged to us in December 2018, we responded immediately, fixed the identified vulnerability and removed the threat. At the time, we also took numerous steps across multiple distribution channels to reach all Sonatype Nexus Repository customers and users, to ensure that they were aware of the issue and to provide proper support.
While a majority of our users have updated several times since the vulnerability fix was released, with this new spotlight, we wanted to again emphasize the importance of upgrading to the latest version of Sonatype Nexus Repository.
Resources:
- For additional details on CVE-2019-7238, please visit our official advisory.
- While the vulnerability discussed in this post is fixed in Sonatype Nexus Repository 3.15 and above, we highly recommend updating to the latest version of Sonatype Nexus Repository 3, which can be downloaded from: https://help.sonatype.com/repomanager3/download
- For detailed information on upgrade compatibility, please see: https://support.sonatype.com/hc/en-us/articles/115000350007

If you run into any problems, or have any questions/concerns, please contact us by filing a ticket at https://support.sonatype.com.

Brent Kostak is the Director of Product Marketing, connecting developers and DevOps communities to Sonatype Nexus tools and technologies.