Information Disclosure

2020-04-2802:40:05

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

28.4%

JSON

nexus-coreui-plugin is vulnerable to information disclosure. The vulnerability exists as users with admin privileges could retrieve the LDAP server’s system’s credentials, as configured in nxrm, in plaintext.

CPENameOperatorVersion
nexus-coreui-pluginle3.21.1-01
nexus-ldap-realm-pluginle2.14.16-01
nexus-ldap-realm-pluginle2.5.1-01

Name	Operator	Version
nexus-coreui-plugin	le	3.21.1-01
nexus-ldap-realm-plugin	le	2.14.16-01
nexus-ldap-realm-plugin	le	2.5.1-01

References

github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5

github.com/sonatype/nexus-public/commit/3f786f200289bea9d3a72c965004ea31559ce8ee

support.sonatype.com/hc/en-us/articles/360045360854

0.001 Low

EPSS

Percentile

28.4%

JSON

Related for VERACODE:25076