PT-2019-17696 · Sonatype · Nexus Yum Repository Plugin+1

Publicado

2019-09-03

Atualizado

2019-11-01

CVE-2019-5475

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Nexus Yum Repository Plugin version v2

Description The issue allows for Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.

Recommendations For Nexus Yum Repository Plugin version v2, consider restricting the use of CommandLineExecutor.java until a patch is available to prevent Remote Code Execution. Avoid supplying vulnerable data, such as the Yum Configuration Capability, to minimize the risk of exploitation.

Exploit

Correção

RCE

OS Command Injection

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78CWE-77

Identificadores relacionados

BDU:2023-00715

CVE-2019-5475

GHSA-G5M7-57PH-J6P8

Produtos afetados

Nexus Repository Manager

Nexus Yum Repository Plugin

PT-2019-17696 · Sonatype · Nexus Yum Repository Plugin+1

CVE-2019-5475

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12