Description
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
Remediation
References
https://hackerone.com/reports/654888