Need help with CVE-2019-7238?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

mpgn
141 Stars 50 Forks 6 Commits 0 Opened issues

Description

🐱‍💻 Poc of CVE-2019-7238 - Nexus Repository Manager 3 Remote Code Execution 🐱‍💻

Services available

!
?

Need anything else?

Contributors list

# 9,414
Python
Ruby
Rails
active-...
6 commits

CVE-2019-7238

Nexus Repository Manager 3 Remote Code Execution without authentication < 3.15.0 found by Rico Tencent Security Yunding Lab and @voidfyoo

image

Detailed analysis (english): - https://chybeta.github.io/2019/02/18/Nexus-Repository-Manager-3-RCE-%E5%88%86%E6%9E%90-%E3%80%90CVE-2019-7238%E3%80%91/

Detailed analysis (not english): - https://xz.aliyun.com/t/4136 - https://www.lucifaer.com/2019/02/19/Nexus%20Repository%20Manager%203%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%EF%BC%88CVE-2019-7238%EF%BC%89/

Security advisory: - https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.