CVE-2019-7238

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.

Basic Information

CVE State: PUBLISHED
Reserved Date: January 30, 2019
Published Date: March 21, 2019
Last Updated: February 04, 2025
Vendor: n/a
Product: n/a
Description: Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.

CVSS Scores

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2021-12-10 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2021-05-20 14:03:10 UTC) Source

References

https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-12-10 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-7238.yaml	2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

smallpiggy/CVE-2019-7238

Type: github • Created: 2021-05-20 14:03:10 UTC • Stars: 1

RCE

magicming200/CVE-2019-7238_Nexus_RCE_Tool

Type: github • Created: 2020-01-10 09:19:10 UTC • Stars: 24

CVE-2019-7238 Nexus RCE漏洞图形化一键检测工具。CVE-2019-7238 Nexus RCE Vul POC Tool.

verctor/nexus_rce_CVE-2019-7238

Type: github • Created: 2019-07-26 16:08:40 UTC • Stars: 40

Some debug notes and exploit(not blind)

jas502n/CVE-2019-7238

Type: github • Created: 2019-05-21 13:16:02 UTC • Stars: 82

Nexus Repository Manager 3 Remote Code Execution without authentication < 3.15.0

mpgn/CVE-2019-7238

Type: github • Created: 2019-02-24 23:09:43 UTC • Stars: 150

🐱‍💻 Poc of CVE-2019-7238 - Nexus Repository Manager 3 Remote Code Execution 🐱‍💻