Description
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
Remediation
References
https://hackerone.com/reports/654888