News and Notes from the Makers of Nexus | Sonatype Blog

Update to CVE-2019-7238 in Sonatype Nexus Repository

Written by Brent Kostak | April 12, 2021

Today, an article was brought to our attention suggesting that a new attack tactic targeted an old vulnerability in Sonatype Nexus Repository 3, CVE-2019-7238.

When the vulnerability was flagged to us in December 2018, we responded immediately, fixed the identified vulnerability and removed the threat. At the time, we also took numerous steps across multiple distribution channels to reach all Sonatype Nexus Repository customers and users to ensure they were aware of the issue and provided proper support.

While most of our users have updated several times since the vulnerability fix was released, with this new spotlight, we wanted to reiterate the importance of upgrading to the latest version of Sonatype Nexus Repository.

Resources:

  • While the vulnerability discussed in this post is fixed in Sonatype Nexus Repository 3.15 and above, we highly recommend updating to the latest version of Sonatype Nexus Repository 3, which can be downloaded here.

  • For detailed information on upgrade compatibility, please see here.