[NEXUS-23556] CVE-2020-11415: LDAP system credentials can be exposed by admin user - Sonatype JIRA

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.14.16, 3.22.0
Fix Version/s: 2.14.17, 3.22.1
Component/s: LDAP, Security
Labels:
- aop-maintenance
- security

Release Note:

Yes

Description

A nefarious admin user can retrieve the plain text of the LDAP system username and password

Attachments

Issue Links

causes

NEXUS-23887 LDAP connection UI looks broken, constantly prompts for password

Closed

NEXUS-23895 Save of LDAP user and group settings fails with error.

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Damian Bradicich

Last Updated By:: Wes Wannemacher

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 04/15/20 09:02 PM

Updated:: 08/07/20 05:09 PM

Resolved:: 04/15/20 09:02 PM

Date of First Response:: 11/May/20 9:25 PM

tigCommentSecurity.panel-title

PagerDuty