PT-2019-6220 · Sonatype · Sonatype Nexus Repository Manager+1

Published

2019-03-21

Updated

2025-11-06

CVE-2019-7238

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository Manager versions prior to 3.15.0

Description The issue is related to incorrect access control in the Sonatype Nexus Repository Manager, which can be exploited by a remote attacker to execute arbitrary code. This is due to insecure privilege management.

Recommendations For versions prior to 3.15.0, update to version 3.15.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the repository manager to minimize the risk of exploitation.

Exploit

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2022-04016

CVE-2019-7238

Affected Products

Nexus Repository Manager

Sonatype Nexus Repository Manager

PT-2019-6220 · Sonatype · Sonatype Nexus Repository Manager+1

CVE-2019-7238

Weakness Enumeration

Related Identifiers

Affected Products

References · 15