module
Nexus Repository Manager Java EL Injection RCE
| Disclosed |
|---|
| 2020-03-31 |
Disclosed
2020-03-31
Description
This module exploits a Java Expression Language (EL) injection in
Nexus Repository Manager versions up to and including 3.21.1 to
execute code as the Nexus user.
This is a post-authentication vulnerability, so credentials are
required to exploit the bug. Any user regardless of privilege level
may be used.
Tested against 3.21.1-01.
Nexus Repository Manager versions up to and including 3.21.1 to
execute code as the Nexus user.
This is a post-authentication vulnerability, so credentials are
required to exploit the bug. Any user regardless of privilege level
may be used.
Tested against 3.21.1-01.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.