Vulnerabilities > CVE-2020-10199 - Expression Language Injection vulnerability in Sonatype Nexus

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
sonatype
CWE-917
exploit available
metasploit

Summary

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).

Exploit-Db

idEDB-ID:48343
last seen2020-04-17
modified2020-04-17
published2020-04-17
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/48343
titleNexus Repository Manager - Java EL Injection RCE (Metasploit)

Metasploit

descriptionThis module exploits a Java Expression Language (EL) injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. This is a post-authentication vulnerability, so credentials are required to exploit the bug. Any user regardless of privilege level may be used. Tested against 3.21.1-01.
idMSF:EXPLOIT/LINUX/HTTP/NEXUS_REPO_MANAGER_EL_INJECTION
last seen2020-06-12
modified2020-04-22
published2020-04-15
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/nexus_repo_manager_el_injection.rb
titleNexus Repository Manager Java EL Injection RCE

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/157261/nexus_repo_manager_el_injection.rb.txt
idPACKETSTORM:157261
last seen2020-04-20
published2020-04-16
reporterAlvaro Munoz
sourcehttps://packetstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.html
titleNexus Repository Manager 3.21.1-01 Remote Code Execution