Nexus Repository Manager 3 Ô¶³Ì´úÂëÖ´ÐÐÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-02-14

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-7238£¬ £¬ £¬£¬ £¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬ £¬ £¬£¬ £¬£¬ CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì¹æÄ£


ÊÜÓ°Ïì°æ±¾£º 

Nexus Repository Manager OSS/Pro 3.x < 3.15


Îó²î¸ÅÊö


2019Äê2ÔÂ5ÈÕ£¬ £¬ £¬£¬ £¬£¬Sonatype ¹Ù·½Ðû²¼Ç徲ͨ¸æ£¬ £¬ £¬£¬ £¬£¬ÐÞ¸´Á˱£´æÓÚ Nexus Repository Manager 3ÖеÄÒ»¸öÔ¶³Ì´úÂëÖ´ÐÐÎó²î ¡£¡£¡£¡£


Sonatype NexusÊÇÒ»¸öMavenµÄ¿ÍÕ»ÖÎÀíϵͳ£¬ £¬ £¬£¬ £¬£¬ËüÌṩÁËÇ¿Ê¢µÄ¿ÍÕ»ÖÎÀí¡¢¹¹¼þËÑË÷µÈ¹¦Ð§£¬ £¬ £¬£¬ £¬£¬²¢ÇÒ¿ÉÒÔÓÃÀ´´î½¨Maven¿Íջ˽·þ£¬ £¬ £¬£¬ £¬£¬ÔÚÊðÀíÔ¶³Ì¿ÍÕ»µÄͬʱά»¤ÍâµØ¿ÍÕ»£¬ £¬ £¬£¬ £¬£¬ÒÔ½ÚÔ¼´ø¿íºÍʱ¼ä ¡£¡£¡£¡£


ÔÚNexus Repository Manager OSS/Pro 3.15֮ǰµÄ°æ±¾ÖУ¬ £¬ £¬£¬ £¬£¬ÓÉÓÚij´¦¹¦Ð§È±·¦»á¼û¿ØÖÆ£¬ £¬ £¬£¬ £¬£¬ÇÒδÄÜ׼ȷ´¦Öóͷ£Óû§´«ÈëµÄÊý¾Ý£¬ £¬ £¬£¬ £¬£¬µ¼ÖÂÔ¶³ÌÇÒδ¾­ÊÚȨÈÏÖ¤µÄ¹¥»÷Õߣ¬ £¬ £¬£¬ £¬£¬½öͨ¹ýÒ»¸ö¶ñÒâµÄ HTTPÇëÇó£¬ £¬ £¬£¬ £¬£¬¾Í¿ÉÒÔÔÚЧÀͶËÖ´ÐÐí§ÒâJava´úÂ룬 £¬ £¬£¬ £¬£¬»ñȡϵͳȨÏÞ£º


ÍòÀû¹ú¼Ê¹ÙÍø(ÖйúÓÎ)ÓÐÏÞ¹«Ë¾



ÏÖÔÚ¹Ù·½ÒѾ­Í¨¹ýÌí¼Ó»á¼û¿ØÖƲ½·¥ºÍ½ûÓÃЧÀÍÆ÷ÉÏÌض¨Â·¾¶µÄJava´úÂëÖ´ÐÐÄÜÁ¦À´»º½â¸ÃÎó²î ¡£¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ¹Ù·½ÒѾ­Ðû²¼Ð°汾ÐÞ¸ÄÁ˸ÃÎó²î£¬ £¬ £¬£¬ £¬£¬ÇëÉý¼¶ Nexus Repository Manager OSS/Pro 3 µ½ 3.15 °æ±¾ ¡£¡£¡£¡£ÏÂÔØÁ´½Ó£ºhttps://help.sonatype.com/repomanager3/download ¡£¡£¡£¡£


²Î¿¼Á´½Ó


https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019