Need help with CVE-2019-7238?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

mpgn
138 Stars 47 Forks 6 Commits 0 Opened issues

Description

🐱‍💻 Poc of CVE-2019-7238 - Nexus Repository Manager 3 Remote Code Execution 🐱‍💻

Services available

!
?

Need anything else?

Contributors list

# 12,546
Python
Ruby
Rails
active-...
6 commits

CVE-2019-7238

Nexus Repository Manager 3 Remote Code Execution without authentication < 3.15.0 found by Rico Tencent Security Yunding Lab and @voidfyoo

image

Detailed analysis (english): - https://chybeta.github.io/2019/02/18/Nexus-Repository-Manager-3-RCE-%E5%88%86%E6%9E%90-%E3%80%90CVE-2019-7238%E3%80%91/

Detailed analysis (not english): - https://xz.aliyun.com/t/4136 - https://www.lucifaer.com/2019/02/19/Nexus%20Repository%20Manager%203%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%EF%BC%88CVE-2019-7238%EF%BC%89/

Security advisory: - https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.