CVE-2019-7238 - Unspecified vulnerability in Sonatype Nexus
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
Vulnerable Configurations
Nessus
NASL family | Misc. |
NASL id | SONATYPE_NEXUS_3_15.NASL |
description | The Sonatype Nexus Repository Manager server application running on the remote host is version 3.x prior to 3.15.0. It is, therefore, affected by a remote code execution vulnerability due to insufficient access controls. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 127058 |
published | 2019-07-26 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/127058 |
title | Sonatype Nexus Repository Manager Missing Access Controls RCE |
The Hacker News
id | THN:66694DD5D9C12B2B7881AB6C960E34DC |
last seen | 2019-07-25 |
modified | 2019-07-25 |
published | 2019-07-25 |
reporter | The Hacker News |
source | https://thehackernews.com/2019/07/linux-malware-windows-bluekeep.html |
title | Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List |
References
- https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019