CVE-2020-11415

2020-04-2715:15:12

Google

osv.dev

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.4%

JSON

An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext.

CPENameOperatorVersion
nexus-publiceqrelease-3.3.0-01
nexus-publiceqrelease-3.5.0-02
nexus-publiceqrelease-3.20.0-04
nexus-publiceqrelease-3.22.0-02
nexus-publiceqrelease-3.21.0-05
nexus-publiceqrelease-3.20.1-01
nexus-publiceqrelease-3.4.0-02

Name	Operator	Version
nexus-public	eq	release-3.3.0-01
nexus-public	eq	release-3.5.0-02
nexus-public	eq	release-3.20.0-04
nexus-public	eq	release-3.22.0-02
nexus-public	eq	release-3.21.0-05
nexus-public	eq	release-3.20.1-01
nexus-public	eq	release-3.4.0-02

References

support.sonatype.com/hc/en-us/articles/360045360854