svn commit: r516967 - head/security/vuxml
Dmitri Goutnik
dmgk at FreeBSD.org
Thu Nov 7 12:09:26 UTC 2019
Author: dmgk
Date: Thu Nov 7 12:09:25 2019
New Revision: 516967
URL: https://svnweb.freebsd.org/changeset/ports/516967
Log:
security/vuxml: Document nexus2-oss vulnerabilities
PR: 241308
Approved by: tz (mentor, implicit)
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Nov 7 11:58:29 2019 (r516966)
+++ head/security/vuxml/vuln.xml Thu Nov 7 12:09:25 2019 (r516967)
@@ -58,6 +58,46 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="b2f9573a-008c-11ea-9801-10c37b4ac2ea">
+ <topic>nexus2-oss -- Multiple vulerabilities</topic>
+ <affects>
+ <package>
+ <name>nexus2-oss</name>
+ <range><lt>2.14.15</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Sonatype reports:</p>
+ <blockquote cite="https://help.sonatype.com/repomanager2/release-notes/2019-release-notes#id-2019ReleaseNotes-RepositoryManager2.14.15">
+ <p>Several RCE vulnerabilities have been found and corrected in 2.14.15:</p>
+ <p>CVE-2019-16530: An attacker with elevated privileges can upload a
+ specially crafted file. That file can contain commands that will
+ be executed on the system, with the same privileges as the user
+ running the server.</p>
+ <p>CVE-2019-15893: A Remote Code Execution vulnerability has been
+ discovered in Nexus Repository Manager requiring immediate
+ action. The vulnerability allows for an attacker with
+ administrative access to NXRM to create repostories that can
+ grant access to read/execute system data outside the scope of
+ NXRM.</p>
+ <p>CVE-2019-5475: A vulnerability has been found that can allow
+ user's with administrative privileges to run processes on the
+ target server, that the nxrm os user has access to.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2019-16530</cvename>
+ <cvename>CVE-2019-15893</cvename>
+ <cvename>CVE-2019-5475</cvename>
+ </references>
+ <dates>
+ <discovery>2019-09-19</discovery>
+ <entry>2019-11-07</entry>
+ </dates>
+ </vuln>
+
<vuln vid="6a7c2ab0-00dd-11ea-83ce-705a0f828759">
<topic>php -- env_path_info underflow in fpm_main.c can lead to RCE</topic>
<affects>
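Review bot: The added `<topic>` line misspells "vulnerabilities" as "vulerabilities"; since the topic is the entry's headline, it should read `nexus2-oss -- Multiple vulnerabilities`. In the same entry, `<references>` carries only the three `<cvename>` elements, while the Sonatype release-notes link appears solely in the `cite` attribute of the `<blockquote>`. Consider repeating that link as a `<url>` element under `<references>` so the advisory source is listed with the other references. The quoted paragraphs also contain "repostories" (CVE-2019-15893) and "user's with administrative privileges" (CVE-2019-5475). If these were copied verbatim from the upstream text they can stay, otherwise they should be corrected to "repositories" and "users".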