PT-2024-9211 · Sonatype · Sonatype Nexus Repository

Published: 2024-05-17 · Updated: 2024-11-19 · CVE-2024-5082

CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository 2 versions up to and including 2.15.1
Description: A Remote Code Execution issue has been discovered, caused by improper control of code generation. It allows a remote attacker to execute arbitrary code by publishing Maven artifacts, potentially leading to system compromise.
Recommendations: For versions up to and including 2.15.1, update to a version later than 2.15.1 to resolve the issue. As a temporary workaround, consider restricting access to the Maven artifact publication feature until a patch is available.
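To make the affected-version boundary ("up to and including 2.15.1") checkable from an inventory script, the following Python helper is added here; it is not part of the advisory or of Sonatype's own tooling. It assumes that Nexus Repository 2 reports its version as a dotted release number with an optional "-NN" build suffix (for example 2.14.20-02), which is dropped before the comparison, and it treats only the 2.x line as in scope, as the advisory states. Comparing numeric tuples rather than strings avoids the classic mistake of ranking 2.15.10 below 2.15.1.

```python
# Added example (not from the advisory): classify Sonatype Nexus Repository 2
# version strings against the affected range stated in PT-2024-9211 /
# CVE-2024-5082, i.e. "up to and including 2.15.1".
#
# Assumptions (not stated on the advisory page):
#  - Nexus 2 version strings look like "2.14.20-02": a dotted release number
#    followed by an optional "-NN" build suffix, which is ignored here.
#  - Only the 2.x line is compared; any other major version is reported as
#    out of the advisory's scope rather than as affected.
import re

# Boundary taken from the advisory text: last affected release is 2.15.1.
LAST_AFFECTED = (2, 15, 1)

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-[0-9A-Za-z]+)?$")


def parse_version(version: str) -> tuple:
    """Return the dotted release part of a Nexus version as an int tuple.

    "2.14.20-02" -> (2, 14, 20); the "-02" build suffix is dropped.
    Raises ValueError for strings that do not look like a version.
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(version: str) -> bool:
    """True if `version` is a Nexus Repository 2 release <= 2.15.1.

    Tuple comparison is lexicographic on integers, so (2, 15, 10) correctly
    sorts above (2, 15, 1) and a short form such as "2.15" sorts below it.
    """
    parsed = parse_version(version)
    if parsed[0] != 2:
        return False  # advisory names the 2.x line only (assumption for others)
    return parsed <= LAST_AFFECTED


def triage(versions) -> dict:
    """Map each version string to 'affected', 'not affected' or 'unparseable'.

    Unparseable strings are kept in the output so an inventory run never
    silently drops a host whose version could not be read.
    """
    result = {}
    for version in versions:
        try:
            result[version] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            result[version] = "unparseable"
    return result


if __name__ == "__main__":
    # Constructed sample inventory; the values are illustrative only.
    sample = ["2.14.20-02", "2.15.1", "2.15.1-02", "2.15.10", "2.16.0", "n/a"]
    for version, status in triage(sample).items():
        print(f"{version:12} {status}")
```

A version that parses but is newer than 2.15.1 is reported as "not affected" with respect to this advisory only; the helper says nothing about other issues in those releases.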

Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers

BDU:2024-10899
CVE-2024-5082

Affected Products

Nexus Repository Manager
Sonatype Nexus Repository