CVE-2026-0600 PUBLISHED

Nexus Repository 3 - Server-Side Request Forgery in Proxy Repository Configuration

Assigner: Sonatype
Reserved: 05.01.2026
Published: 14.01.2026
Updated: 15.01.2026

Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network resources. A workaround configuration is available starting in version 3.88.0, but the product remains vulnerable by default.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
CVSS Score: 6.2

Product Status

Vendor: Sonatype
Product: Nexus Repository
Versions (default: unaffected):
  • affected from 3.0.0 to * (excl.)

Workarounds

Starting in version 3.88.0, administrators can configure the private network validation setting to block proxy repositories from accessing private network destinations. Cloud metadata endpoints (169.254.169.254) are always blocked regardless of configuration. See the security documentation at https://help.sonatype.com/en/securing-nexus-repository-manager.html for detailed configuration steps.

Credits

  • Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. (finder)

References

Problem Types

  • CWE-918: Server-Side Request Forgery (SSRF)