CVE-2019-7238

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-7238
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7238.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-7238
Published
2019-03-21T17:29:01.180Z
Modified
2026-04-11T17:54:13.173003Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.

References

Affected packages

Git / github.com/sonatype/nexus-public

Affected ranges

Type
GIT
Repo
https://github.com/sonatype/nexus-public
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c2f0829b87243e3135ad904814055cce80d1f199
Database specific 
{
    "versions": [
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.15.0"
        }
    ]
}

Affected versions

release-3.*
release-3.3.0-01
release-3.4.0-02
release-3.5.0-02

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7238.json"
vanir_signatures_modified 
"2026-04-11T17:54:13Z"
vanir_signatures 
[
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/sonatype/nexus-public/commit/c2f0829b87243e3135ad904814055cce80d1f199",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "208692511352976568182103754237960133043",
                "74990247249709110158150990156180477767",
                "307077959047688440892793905934868821281",
                "47709534939967621917318129176965675468",
                "321412377927937070074702192854451592353",
                "322420523209599506953004839392435886038",
                "91708947973701064141041656005989242160",
                "54739688247677947372016039783006147025",
                "138715263177818567604048177222278261468",
                "117400316536697638481260715451806982338",
                "323949495500187031542691988954878428663"
            ]
        },
        "id": "CVE-2019-7238-288089dc",
        "deprecated": false,
        "target": {
            "file": "components/nexus-selector/src/test/java/org/sonatype/nexus/selector/JexlSelectorTest.java"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/sonatype/nexus-public/commit/c2f0829b87243e3135ad904814055cce80d1f199",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "206264537705924857101202537599980544112",
                "180112623239646380520856536888611669700",
                "2007790198428362097294391881725227474",
                "228440005676257650618301659525010717145",
                "42234807635865564556524264501623149978",
                "155545608563882549204795842911132038423",
                "222770020221938668984486950349566521128",
                "155940585670824626958595497493766433133"
            ]
        },
        "id": "CVE-2019-7238-89e17d1c",
        "deprecated": false,
        "target": {
            "file": "components/nexus-selector/src/main/java/org/sonatype/nexus/selector/JexlSelector.java"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/sonatype/nexus-public/commit/c2f0829b87243e3135ad904814055cce80d1f199",
        "digest": {
            "function_hash": "121984859542259809105006751370852194502",
            "length": 541.0
        },
        "id": "CVE-2019-7238-8bdc9d7a",
        "deprecated": false,
        "target": {
            "file": "components/nexus-selector/src/test/java/org/sonatype/nexus/selector/JexlSelectorTest.java",
            "function": "setUp"
        }
    }
]