Qiita Teams that are logged in
You are not logged in to any team

Log in to Qiita Team
Community
OrganizationAdvent CalendarQiitadon (β)
Service
Qiita JobsQiita ZineQiita Blog
Help us understand the problem. What is going on with this article?

[漏洞预警]CVE-2019-15588/Nexus Repository Manager Yum插件远程命令执行

More than 1 year has passed since last update.

漏洞描述

近日安全研究人员badcode披露了Nexus Repository Manager <= 2.14.14存在远程代码执行漏洞.漏洞存在于其内置的Nexus Yum存储库插件.该漏洞为CVE-2019-5475的绕过且需要具有部署权限的账号,登录后方可触发.

CVE编号

CVE-2019-15588

漏洞威胁等级

高危

影响范围

Nexus Repository Manager OSS <= 2.14.14
Nexus Repository Manager Pro <= 2.14.14

漏洞验证

使用payload进行任意命令执行

image.png

该漏洞成因为org.sonatype.nexus.yum.internal.task.CommandLineExecutor中的getCleanCommand方法未做过滤

image.png

时间轴

[0] 2019年9月5日 badcode提交该漏洞
[1] 2019年11月1日 NVD发布该漏洞
[2] 2019年11月4日 亚信安全网络攻防实验室发布预警公告

修复建议

  • 1.升级至最新版本
  • 2.修改部署账号口令

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-15588

Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away