First published: Tue Sep 03 2019
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sonatype Nexus Repository Manager | >=2.0, <=2.14.9-01 | |
CVE-2019-5475 is a vulnerability in the Nexus Yum Repository Plugin in version 2 of Sonatype Nexus Repository Manager that allows remote code execution.
CVE-2019-5475 has a severity rating of 8.8 out of 10, which is considered critical.
The Nexus Yum Repository Plugin in version 2 of Sonatype Nexus Repository Manager is affected by CVE-2019-5475.
To fix CVE-2019-5475, it is recommended to update Sonatype Nexus Repository Manager to a version that is not affected by the vulnerability.
More information about CVE-2019-5475 can be found at the following link: https://hackerone.com/reports/654888