Nexus Repository Manager 3 remote command execution vulnerability (CVE-2019-7238)
Preface
Nexus Repository Manager 3 is a software repository that can be used to store and distribute software source repositories such as Maven and NuGET. In its 3.14.0 and earlier versions, there is an arbitrary JEXL expression execution function based on OrientDB custom functions, and this function has an unauthorized access vulnerability, which can lead to arbitrary command execution vulnerabilities.
Affected version
Nexus Repository Manager OSS/Pro 3.6.2 version-3.14.0 version
Vulnerability recurrence
Unauthorized login
Use the script to https://github.com/mpgn/CVE-2019-7238
change the script of the attacked host url to
run the script to rebound shell
monitoring