Sonatype Nexus Repository 3 Server-Side Request Forgery Vulnerability

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability exists in Sonatype Nexus Repository 3, affecting versions 3.0.0 and later. This vulnerability allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, such as cloud metadata services and internal network resources. While a workaround is available starting in version 3.88.0, the product remains vulnerable by default.

Impact

Exploitation of this vulnerability could lead to unauthorized access to internal network resources or cloud metadata services, potentially allowing for credential theft or access to sensitive internal services.

Remediation

Users should upgrade to Sonatype Nexus Repository 3.88.0 or later, enable private network validation, and review existing proxy repository configurations. For environments unable to upgrade immediately, temporary mitigations include auditing proxy repository configurations, restricting administrator access, implementing network-level egress filtering, and monitoring proxy repository configuration changes through audit logs.
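As an added illustration of the audit step above (not part of the advisory or of Sonatype's own tooling), the following Python check flags proxy repositories whose remote URL points at a private, link-local, loopback or cloud-metadata destination. The record layout and the `attributes.proxy.remoteUrl` field name are an assumption modelled on the Nexus REST API repository listing, and the sample records are constructed for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Hostnames that name a cloud metadata service or the local machine
# (AWS/Azure IMDS address, GCP metadata hostname, loopback names).
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal", "metadata", "localhost"}

def is_unsafe_remote_url(url: str) -> bool:
    """Return True if a proxy repository remote URL targets a private,
    link-local, loopback or cloud-metadata destination.

    Only IP literals and well-known hostnames are checked offline; a
    hostname that resolves to an internal address needs a DNS lookup."""
    parts = urlsplit(url)
    host = parts.hostname  # lower-cased, IPv6 brackets already stripped
    if not host:
        return True  # unparsable or host-less URL: review rather than skip
    if parts.scheme not in ("http", "https"):
        return True  # file://, gopher:// etc. have no place in a remote URL
    if host in METADATA_HOSTS:
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # plain hostname; not resolved here
    return not ip.is_global  # private, link-local, loopback, reserved ranges

# Constructed sample records; field names are an assumption (see lead-in).
SAMPLE_REPOS = [
    {"name": "maven-central", "type": "proxy",
     "attributes": {"proxy": {"remoteUrl": "https://repo1.maven.org/maven2/"}}},
    {"name": "npm-proxy", "type": "proxy",
     "attributes": {"proxy": {"remoteUrl": "https://registry.npmjs.org/"}}},
    {"name": "odd-proxy", "type": "proxy",
     "attributes": {"proxy": {"remoteUrl": "http://169.254.169.254/latest/meta-data/"}}},
    {"name": "lan-proxy", "type": "proxy",
     "attributes": {"proxy": {"remoteUrl": "http://10.0.0.5:8080/artifactory/"}}},
    {"name": "maven-hosted", "type": "hosted", "attributes": {}},
]

def audit_proxy_repositories(repos):
    """Return the names of proxy repositories whose remote URL fails the check."""
    flagged = []
    for repo in repos:
        if repo.get("type") != "proxy":
            continue
        remote = repo.get("attributes", {}).get("proxy", {}).get("remoteUrl", "")
        if is_unsafe_remote_url(remote):
            flagged.append(repo["name"])
    return flagged

if __name__ == "__main__":
    for name in audit_proxy_repositories(SAMPLE_REPOS):
        print("review proxy repository:", name)
```

Because the check never resolves names, a remote URL using a hostname that points at an internal address is not caught; feed the list through DNS resolution before trusting a clean result.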

Added: Jan 14, 2026, 11:27 PM
Updated: Jan 14, 2026, 11:27 PM

Vulnerability Rating

Custom Algorithm
spread: 6.2
impact: 0.8
exploitability: 3.5
remediation: 7.9
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.