nexus-yum-repository-plugin is vulnerable to remote code execution. An attacker with administrative access to nxrm
is able to execute arbitrary OS commands on the system by setting the path of createrepo
or mergerepo
to an OS command in the XML input.
CPE | Name | Operator | Version |
---|---|---|---|
nexus-yum-repository-plugin | le | 2.14.13-01 |