EnterpriseLdapManager contains a mutable ArrayList of LDAP connectors (cf. https://github.com/sonatype/nexus-internal/blob/5e34c8081fa48a0aeb5545c0c7f5aeb1d5d693a3/private/plugins/nexus-ldap-plugin/src/main/java/org/sonatype/nexus/ldap/internal/realms/EnterpriseLdapManager.java#L65). which is improperly managed for concurrent access.
- While getLdapConnectors() runs and rebuilds the list, nothing prevents/blocks a concurrent invocation of on(LdapClearCacheEvent), giving rise to concurrent add() and clear() invocations on a non-concurrent list
- While methods like authenticateUser() iterate over the returned array list from getLdapConnectors(), nothing blocks a concurrent invocation of on(LdapClearCacheEvent), causing ConcurrentModificationException or more cryptic failures from the iteration