Description

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.

Remediation

References

https://hackerone.com/reports/654888

Related Vulnerabilities

CVE-2022-29251 Vulnerability in maven package org.xwiki.platform:xwiki-platform-flamingo-theme-ui

CVE-2021-23448 Vulnerability in npm package config-handler

CVE-2020-15779 Vulnerability in npm package socket.io-file

CVE-2018-25083 Vulnerability in npm package pullit

CVE-2023-30548 Vulnerability in npm package gatsby-plugin-sharp

Severity

Critical

Classification

CWE-78 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory