Sonatype Nexus Repository 2 Server-Side Request Forgery Vulnerability in Remote Browser Plugin

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the Remote Browser Plugin for Sonatype Nexus Repository versions 2.x up to and including 2.15.2. An unauthenticated remote attacker can send crafted HTTP requests that cause the plugin to leak proxy repository credentials. The issue arises when a proxy repository is configured with authentication: the credentials stored for that repository can then be sent to an attacker-controlled server via the vulnerable plugin.

Impact

Exploitation of this vulnerability could lead to unauthorized access to proxy repository credentials, which could then be used to authenticate against those repositories or for other malicious purposes.

Remediation

Users are advised to migrate to Sonatype Nexus Repository 3, as Nexus Repository Manager 2.x has reached end-of-life and no longer receives security updates. If immediate migration is not possible, the Remote Browser Plugin can be disabled or removed, and Nexus Repository Manager 2.x instances should be placed behind a restrictive reverse proxy or firewall that limits outbound connections.
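Because the exposure depends on proxy repositories that carry upstream authentication, the first triage step on a Nexus 2 instance is to find those repositories so their upstream credentials can be rotated. The helper below is an added example, not part of the advisory or of Sonatype's code: it parses a constructed sample in the shape of the repositories section of sonatype-work/nexus/conf/nexus.xml (the element names are an assumption here and should be checked against a real instance's file) and reports each proxy repository that has an authentication block, without printing the secret itself.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the <repositories> section of Nexus 2's
# sonatype-work/nexus/conf/nexus.xml. The element names are an assumption for
# this example and should be checked against a real instance's file.
SAMPLE_NEXUS_XML = """<nexusConfiguration>
  <repositories>
    <repository>
      <id>central</id>
      <remoteStorage>
        <url>https://repo1.maven.org/maven2/</url>
      </remoteStorage>
    </repository>
    <repository>
      <id>internal-proxy</id>
      <remoteStorage>
        <url>https://artifacts.example.internal/maven/</url>
        <authentication>
          <username>nexus-svc</username>
          <password>{placeholder-secret}</password>
        </authentication>
      </remoteStorage>
    </repository>
    <repository>
      <id>releases</id>
    </repository>
  </repositories>
</nexusConfiguration>
"""

def proxy_repos_with_credentials(nexus_xml: str):
    """Return (repo id, upstream url, username) for each proxy repository whose
    remote storage carries an authentication block. Passwords are not returned."""
    root = ET.fromstring(nexus_xml)
    exposed = []
    for repo in root.iter("repository"):
        remote = repo.find("remoteStorage")
        if remote is None:
            continue  # hosted or group repository: no upstream credentials
        auth = remote.find("authentication")
        if auth is None:
            continue  # anonymous proxy: nothing for the SSRF to leak
        exposed.append((repo.findtext("id"), remote.findtext("url"),
                        auth.findtext("username")))
    return exposed

if __name__ == "__main__":
    for repo_id, url, user in proxy_repos_with_credentials(SAMPLE_NEXUS_XML):
        print(f"rotate upstream credentials: repo={repo_id} url={url} user={user}")
```

Run it against a copy of the real nexus.xml (read from disk instead of the constructed sample) to get the list of repositories whose upstream credentials should be rotated after the plugin is disabled.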

Added: Oct 8, 2025, 6:16 PM
Updated: Oct 8, 2025, 7:44 PM

Vulnerability Rating

Custom Algorithm
spread          6.2
impact          2.5
exploitability  7.4
remediation     8.3
relevance       0.6
threat          0.0
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.