Exploit for Sonatype Nexus Repository Manager 3 - Remote Code Execution (CVE-2020-10199)

Description:

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection.

Nuclei Template

View the template here: CVE-2020-10199.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-10199.yaml

References:

https://securitylab.github.com/advisories/GHSL-2020-011-nxrm-sonatype
https://twitter.com/iamnoooob/status/1246182773427240967
https://cwe.mitre.org/data/definitions/917.html
http://packetstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.html
https://nvd.nist.gov/vuln/detail/CVE-2020-10199