{"id":"CVE-2019-7238","details":"Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.","modified":"2026-04-11T17:54:13.173003Z","published":"2019-03-21T17:29:01.180Z","references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7238"},{"type":"ADVISORY","url":"https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sonatype/nexus-public","events":[{"introduced":"0"},{"fixed":"c2f0829b87243e3135ad904814055cce80d1f199"}],"database_specific":{"versions":[{"introduced":"3.0.0"},{"fixed":"3.15.0"}]}}],"versions":["release-3.3.0-01","release-3.4.0-02","release-3.5.0-02"],"database_specific":{"vanir_signatures_modified":"2026-04-11T17:54:13Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7238.json","vanir_signatures":[{"target":{"file":"components/nexus-selector/src/test/java/org/sonatype/nexus/selector/JexlSelectorTest.java"},"deprecated":false,"id":"CVE-2019-7238-288089dc","source":"https://github.com/sonatype/nexus-public/commit/c2f0829b87243e3135ad904814055cce80d1f199","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["208692511352976568182103754237960133043","74990247249709110158150990156180477767","307077959047688440892793905934868821281","47709534939967621917318129176965675468","321412377927937070074702192854451592353","322420523209599506953004839392435886038","91708947973701064141041656005989242160","54739688247677947372016039783006147025","138715263177818567604048177222278261468","117400316536697638481260715451806982338","323949495500187031542691988954878428663"]},"signature_version":"v1"},{"target":{"file":"components/nexus-selector/src/main/java/org/sonatype/nexus/selector/JexlSelector.java"},"deprecated":false,"id":"CVE-2019-7238-89e17d1c","source":"https://github.com/sonatype/nexus-public/commit/c2f0829b87243e3135ad904814055cce80d1f199","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["206264537705924857101202537599980544112","180112623239646380520856536888611669700","2007790198428362097294391881725227474","228440005676257650618301659525010717145","42234807635865564556524264501623149978","155545608563882549204795842911132038423","222770020221938668984486950349566521128","155940585670824626958595497493766433133"]},"signature_version":"v1"},{"target":{"file":"components/nexus-selector/src/test/java/org/sonatype/nexus/selector/JexlSelectorTest.java","function":"setUp"},"deprecated":false,"id":"CVE-2019-7238-8bdc9d7a","source":"https://github.com/sonatype/nexus-public/commit/c2f0829b87243e3135ad904814055cce80d1f199","signature_type":"Function","digest":{"function_hash":"121984859542259809105006751370852194502","length":541},"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}