nexus-coreui-plugin is vulnerable to information disclosure. The vulnerability exists as users with admin privileges could retrieve the LDAP server’s system’s credentials, as configured in nxrm, in plaintext.
CPE | Name | Operator | Version |
---|---|---|---|
nexus-coreui-plugin | le | 3.21.1-01 | |
nexus-ldap-realm-plugin | le | 2.14.16-01 | |
nexus-ldap-realm-plugin | le | 2.5.1-01 |