PT-2019-6220 · Sonatype · Sonatype Nexus Repository Manager+1

Publicado

2019-03-21

Atualizado

2025-11-06

CVE-2019-7238

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository Manager versions prior to 3.15.0

Description The issue is related to incorrect access control in the Sonatype Nexus Repository Manager, which can be exploited by a remote attacker to execute arbitrary code. This is due to insecure privilege management.

Recommendations For versions prior to 3.15.0, update to version 3.15.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the repository manager to minimize the risk of exploitation.

Exploit

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

BDU:2022-04016

CVE-2019-7238

Produtos afetados

Nexus Repository Manager

Sonatype Nexus Repository Manager

PT-2019-6220 · Sonatype · Sonatype Nexus Repository Manager+1

CVE-2019-7238

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 15