CNNVD-202510-1126 Information
CNNVD ID
CNNVD-202510-1126
Related CVE
- CNNVD Published: 2025-10-08
Description (Chinese)
Sonatype Nexus Repository是美国Sonatype公司的一款存储库管理器,它主要用于管理、存储和分发软件等。 Sonatype Nexus Repository 2.15.2及之前版本存在安全漏洞,该漏洞源于远程浏览器插件存在服务端请求伪造,可能导致代理存储库凭据泄露。
Description (English)
Sonatipe Nexus Repivory is a repository manager of Sonatipe, United States, which is used mainly for the management, storage and distribution of software. There is a security loophole in the Sonype Nexus Repository 2.15.2 and earlier versions, which stems from the presence of a service-end request for forgery of the remote browser plugin, which could lead to the disclosure of evidence from the proxy repository.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Sonatype
Published
2025-10-08
Last Modified
2026-02-24
References
https://support.sonatype.com/hc/en-us/articles/45363201583635 https://access.redhat.com/security/cve/cve-2025-9868 https://vigilance.fr/vulnerability/Sonatype-Nexus-Repository-Manager-2-Server-Side-Request-Forgery-via-Remote-Browser-Plugin-48419
Patch
https://support.sonatype.com/hc/en-us/articles/45363201583635
Share on: