CVE-2019-5475 – org.sonatype.nexus.plugins:nexus-yum-repository-plugin
Package
Manager: maven
Name: org.sonatype.nexus.plugins:nexus-yum-repository-plugin
Vulnerable Version: >=0 <2.14.14
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.56844 (percentile: 0.98052)
Details
OS Command Injection in Nexus Yum Repository Plugin

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
Metadata
Created: 2019-09-11T23:04:57Z
Modified: 2021-08-17T22:25:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/09/GHSA-g5m7-57ph-j6p8/GHSA-g5m7-57ph-j6p8.json
CWE IDs: ["CWE-78"]
Alternative ID: GHSA-g5m7-57ph-j6p8
Finding: F404
Auto approve: 1