VYPR
High severity · NVD Advisory · Published Sep 3, 2019 · Updated Aug 4, 2024

CVE-2019-5475

Description

A remote code execution vulnerability in the Nexus Yum Repository Plugin (v2) allows attackers to execute arbitrary commands by providing malicious input to CommandLineExecutor.java.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Overview

The Nexus Yum Repository Plugin for Nexus Repository Manager 2 is susceptible to a remote code execution (RCE) vulnerability, specifically OS command injection. The flaw is in the CommandLineExecutor.java component, which passes configured values to the operating system without sanitizing them. Values set through the Yum Configuration Capability, such as the paths of the external tools the plugin invokes, reach this code path, so an attacker able to set them can append shell metacharacters and have arbitrary operating system commands run by the Nexus process [1].
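The following is an added illustration written for this page; it is not Nexus source code and does not reproduce the real CommandLineExecutor.java. It shows the class of bug the description names (an operator-supplied tool path reaching a shell unsanitized) next to one hardened alternative. The class, method and field names (YumCommandExample, vulnerableCommand, hardenedCommand, SAFE_PATH) and the sample value "/usr/bin/createrepo; id > /tmp/pwned" are all constructed for the example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

/**
 * Illustrative example only (not Nexus code): a configured tool path that is
 * spliced into a shell command line versus the same call built as an argv
 * array after validating the path.
 */
public class YumCommandExample {

    // Hypothetical vulnerable pattern: the configured createrepo path is
    // concatenated into one string and handed to /bin/sh -c. A value such as
    // "/usr/bin/createrepo; id > /tmp/pwned" is parsed by the shell as two
    // commands, so whoever controls the setting controls what runs.
    static String[] vulnerableCommand(String configuredCreaterepo, String repoDir) {
        String line = configuredCreaterepo + " --update " + repoDir;
        return new String[] { "/bin/sh", "-c", line };
    }

    // Hardened: accept only an absolute path made of conservative characters
    // that resolves to an existing regular, executable file. The regex is a
    // deliberately strict allowlist; ';', '|', '$', whitespace, quotes and
    // backticks are all rejected before anything touches the filesystem.
    private static final Pattern SAFE_PATH = Pattern.compile("^/[A-Za-z0-9._/-]+$");

    static Path validateToolPath(String configured) {
        if (configured == null || !SAFE_PATH.matcher(configured).matches()) {
            throw new IllegalArgumentException("tool path contains disallowed characters");
        }
        Path p = Paths.get(configured).normalize();
        if (!Files.isRegularFile(p) || !Files.isExecutable(p)) {
            throw new IllegalArgumentException("tool path is not an executable file: " + p);
        }
        return p;
    }

    // Build argv directly so no shell ever interprets the configured value.
    // Each element is passed to execve as-is; metacharacters have no meaning.
    static List<String> hardenedCommand(String configuredCreaterepo, Path repoDir) {
        Path tool = validateToolPath(configuredCreaterepo);
        return Arrays.asList(tool.toString(), "--update", repoDir.toAbsolutePath().toString());
    }

    static int runHardened(String configuredCreaterepo, Path repoDir)
            throws IOException, InterruptedException {
        ProcessBuilder pb = new ProcessBuilder(hardenedCommand(configuredCreaterepo, repoDir));
        pb.inheritIO();
        return pb.start().waitFor();
    }

    public static void main(String[] args) {
        // Constructed attacker value, as someone with capability-edit rights might enter it.
        String malicious = "/usr/bin/createrepo; id > /tmp/pwned";

        // Vulnerable path: the injected command survives intact into the shell string.
        System.out.println(String.join(" ", vulnerableCommand(malicious, "/srv/yum/repo")));

        // Hardened path: the value is refused before any process is started.
        try {
            hardenedCommand(malicious, Paths.get("/srv/yum/repo"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Two design points are worth noting. Building an argument list with ProcessBuilder is what actually removes the injection, because the shell is never invoked; the character allowlist is defence in depth and also keeps the error message useful. Neither stops a privileged user from pointing the setting at some other existing binary, so in a real deployment the setting itself has to be treated as an administrative secret and edits to it audited.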

Exploitation

Details

Exploitation requires an attacker to get crafted data to the affected code path in CommandLineExecutor.java. The description names the Yum Configuration Capability as the input vector. Capabilities in Nexus Repository Manager 2 are administrative settings, so in practice the attacker needs an account or session permitted to edit them, or some other way of reaching the capability configuration API; the advisory does not describe an unauthenticated trigger. With that access and network reach to the Nexus instance, the attacker submits a capability update whose values the plugin stores without adequate validation and later passes to the operating system when it invokes its external tools [1].

Impact

Successful exploitation allows an attacker to execute arbitrary commands on the underlying server with the same privileges as the Nexus application. This can lead to a full compromise of the repository manager, including unauthorized access to stored artifacts, sensitive data, and potential lateral movement within the infrastructure [1].

Mitigation

The vendor (Sonatype) addressed this vulnerability in Nexus Repository Manager 2.14.14; the affected-package data below lists org.sonatype.nexus.plugins:nexus-yum-repository-plugin before 2.14.14 as vulnerable and 2.14.14 as patched. Users of 2.x are strongly advised to upgrade to 2.14.14 or later, or to migrate to a supported 3.x release. Until the upgrade is applied, restrict which accounts may edit capabilities and review the current Yum Configuration Capability values for anything other than a plain path to the expected tool, since the injection point is an administrative setting [1].

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package (Maven): org.sonatype.nexus.plugins:nexus-yum-repository-plugin
Affected versions: < 2.14.14
Patched versions: 2.14.14

Affected products: 2

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 3

News mentions: 0

No linked articles in our index yet.