PT-2019-17696 · Sonatype · Nexus Yum Repository Plugin+1

Published

2019-09-03

Updated

2019-11-01

CVE-2019-5475

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Nexus Yum Repository Plugin version v2

Description The issue allows for Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.

Recommendations For Nexus Yum Repository Plugin version v2, consider restricting the use of CommandLineExecutor.java until a patch is available to prevent Remote Code Execution. Avoid supplying vulnerable data, such as the Yum Configuration Capability, to minimize the risk of exploitation.

Exploit

Fix

RCE

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

BDU:2023-00715

CVE-2019-5475

GHSA-G5M7-57PH-J6P8

Affected Products

Nexus Repository Manager

Nexus Yum Repository Plugin

PT-2019-17696 · Sonatype · Nexus Yum Repository Plugin+1

CVE-2019-5475

Weakness Enumeration

Related Identifiers

Affected Products

References · 12