We found results for “”
CVE-2019-5475
Good to know:
Date: September 3, 2019
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
OS Command Injections
CWE-78Top Fix
Upgrade Version
Upgrade to version org.sonatype.nexus.plugins:nexus-yum-repository-plugin:2.14.14-01
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | SINGLE |
Confidentiality (C): | COMPLETE |
Integrity (I): | COMPLETE |
Availability (A): | COMPLETE |
Additional information: |