What is CVE-2024-5082?

CVE-2024-5082 is a vulnerability in Sonatype Nexus Repository, classified under Code Injection. Published 2024-11-14.

Is CVE-2024-5082 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Sonatype Nexus Repository

CVE-2024-5082

A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.064 (91.2th percentile) — read the EPSS interpretation.

Affected products

Sonatype Nexus Repository — versions 2.0.0

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

cyb3r-w0lf/nuclei-template-collection

References

support.sonatype.com/hc/en-us/articles/30694125380755 (vendor-advisory)

Frequently asked questions

What is CVE-2024-5082?: CVE-2024-5082 is a vulnerability in Sonatype Nexus Repository, classified under Code Injection. Published 2024-11-14.
Is CVE-2024-5082 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.