CVE-2019-7238
In short
Sonatype Nexus Repository Manager versions before 3.15.0 have a flaw that allows unauthorized users to access or modify repository contents that should be restricted. This is critical because repositories often contain sensitive software components.
Technical detail
The vulnerability stems from improper access control enforcement in Nexus Repository Manager prior to version 3.15.0, allowing unauthenticated or low-privileged attackers to bypass permission checks and access protected repositories. The attack requires network access to the Nexus instance with no special preconditions, resulting in unauthorized read/write access to repository data.
Summary generated and translated by AI from the official description.
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found: 6
github.com/mpgn/CVE-2019-7238 ★ 153
github.com/jas502n/CVE-2019-7238 ★ 85
github.com/verctor/nexus_rce_CVE-2019-7238 ★ 39
github.com/magicming200/CVE-2019-7238_Nexus_RCE_Tool ★ 24
github.com/DannyRavi/nmap-scripts ★ 2
github.com/smallpiggy/CVE-2019-7238 ★ 1
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.