CVE-2019-15588
N/A
N/A
Summary
There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Nexus Repository Manager | <= 2.14.14 | affected |
Weaknesses
- CWE-77: Command Injection - Generic (CWE-77)
ADP Enrichment
CVE Program Container
Additional References
- https://hackerone.com/reports/688270
- https://support.sonatype.com/hc/en-us/articles/360033490774-CVE-2019-5475-Nexus-Repository-Manager-2-OS-Command-Injection-2019-08-09
References
- https://hackerone.com/reports/688270
- https://support.sonatype.com/hc/en-us/articles/360033490774-CVE-2019-5475-Nexus-Repository-Manager-2-OS-Command-Injection-2019-08-09
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.