An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext.
CPE | Name | Operator | Version |
---|---|---|---|
nexus_repository_manager | ge | 3.0 | |
nexus_repository_manager | lt | 3.22.1 | |
nexus_repository_manager | ge | 2.0 | |
nexus_repository_manager | lt | 2.14.17 |