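An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server's system username and password (as configured in Nexus Repository Manager, NXRM) in cleartext. The signatures below all reference the same fix commit; most of them target test or test-support files, and the entries under plugins/security/nexus-ldap-realm-plugin appear to be the ones that concern LDAP configuration handling.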
[
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 1698.0,
"function_hash": "240645833721311142931188455201698130904"
},
"signature_version": "v1",
"id": "CVE-2020-11415-11459837",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"function": "enableCircularRedirectsForHosts",
"file": "components/nexus-core/src/test/java/org/sonatype/nexus/proxy/storage/remote/httpclient/HttpClientManagerTest.java"
}
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"313652728092155124131652578897596951363",
"75552395171418087663321023820132818466",
"80308844729590517458752855001488350267",
"241298378827831399649577271181318244136"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2020-11415-250ad543",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"file": "components/nexus-core/src/test/java/org/sonatype/nexus/proxy/RepoConversionTest.java"
}
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"105732598505126494730968126994249973236",
"5486727952625091785569061560646227169",
"26802220004424442769552865934949746844",
"89706019866321764821478914035592323550",
"302507516099481240891020680188249938979",
"2426180230470377667687938366976049923",
"254448962362602149670332302846941792623",
"148379250760639972240292922577561488661",
"325188647305976736770208098843764948054",
"292441688030371188746756674262591191351",
"134288337058826603750685886338816599626",
"255833137315742082294271631174665333027",
"19316709357196148287756445787288849473",
"297534156402927260252078887693327878714",
"273870472383021806250175286091104506890",
"152833066918038186165688582943319526249",
"104184821476952716407659788619231091551"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2020-11415-2a608fb4",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"file": "plugins/security/nexus-ldap-realm-plugin/src/main/java/org/sonatype/nexus/security/ldap/realms/api/AbstractLdapRealmPlexusResource.java"
}
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 606.0,
"function_hash": "213192425349250113544587698998596760416"
},
"signature_version": "v1",
"id": "CVE-2020-11415-2d200f42",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"function": "getConnectionInfo",
"file": "plugins/security/nexus-ldap-realm-plugin/src/main/java/org/sonatype/nexus/security/ldap/realms/test/api/LdapUserAndGroupConfigTestPlexusResource.java"
}
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 206.0,
"function_hash": "198856939401472080567237448991879447659"
},
"signature_version": "v1",
"id": "CVE-2020-11415-4631c814",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"function": "testAutoBlockNotification",
"file": "testsuite/legacy-testsuite/src/test/java/org/sonatype/nexus/testsuite/misc/nexus421/Nexus421PlainNotificationIT.java"
}
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 1403.0,
"function_hash": "141482858816590367538143224742830331263"
},
"signature_version": "v1",
"id": "CVE-2020-11415-50a2156c",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"function": "checkRepositoryRemoteAvailabilityNeglectLastModified",
"file": "components/nexus-core/src/test/java/org/sonatype/nexus/proxy/storage/remote/httpclient/HttpClientRemoteStorageTest.java"
}
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"76937787166610975614785287325581180696",
"47592977512203792220475622536246452690",
"261963528943652143194338839149025374878",
"81116282339286153062507326765973168649",
"76937787166610975614785287325581180696",
"47592977512203792220475622536246452690",
"261963528943652143194338839149025374878",
"8667927618148278804615146587360225262"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2020-11415-58c922ca",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"file": "components/nexus-core/src/test/java/org/sonatype/nexus/proxy/storage/remote/httpclient/HttpClientManagerTest.java"
}
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 1760.0,
"function_hash": "280974540491874418763583610621608211711"
},
"signature_version": "v1",
"id": "CVE-2020-11415-6dc63bbd",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"function": "useCookiesForHosts",
"file": "components/nexus-core/src/test/java/org/sonatype/nexus/proxy/storage/remote/httpclient/HttpClientManagerTest.java"
}
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"287368276655180284869038877316923808104",
"97371735463767145816171830137553963059",
"74232037770447291550425508797409727055",
"8680744761148665961318336946404209515",
"188164282471286827070073082252442163110",
"218092425759497368720486118953813493468",
"336158656351160641407862554926511106874",
"196015033379296924224024635756873859215"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2020-11415-6e08edee",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"file": "testsuite/legacy-testsuite/src/test/java/org/sonatype/nexus/testsuite/p2/AbstractNexusP2IT.java"
}
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"36154398710401179399469910237234268179",
"217567070303244386307500693940184436339",
"337783925376695354837115980903317907964",
"153154282570817578589685481857037028730",
"17887781169321301513167116959678423242",
"48315428543199646586774622377406514372",
"122826859664113519752828357231254059282",
"17987084197544495331682315440727060422",
"86434469051012956011969367594849678931",
"205579455564456532580505916844059046793"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2020-11415-7e353f64",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"file": "testsupport/nexus-test-harness-launcher/src/main/java/org/sonatype/nexus/integrationtests/MavenVerifierHelper.java"
}
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"337292999257030301995547166643228680045",
"66759614147349769575237312688118647888",
"130039926844918441426469041557339354073",
"2441115962179044294038702986940917231",
"67033778631094604664925120294731288518",
"147935754953463013180335811718389290611",
"302507516099481240891020680188249938979",
"2426180230470377667687938366976049923",
"303930312423146421718823081141445846952",
"128828440205874627595277229762924718368",
"156001098977200925507359159537656554090",
"19748843971831624905393684739387683081",
"74644176691881472348070729612989020243"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2020-11415-88da26b9",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"file": "plugins/security/nexus-ldap-realm-plugin/src/main/java/org/sonatype/nexus/security/ldap/realms/test/api/LdapUserAndGroupConfigTestPlexusResource.java"
}
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"257463456077024846397483781880213451235",
"7829308363652557466283814297362189800",
"85522858717171682583471968426454723280",
"274512931955911907272747244466553149534"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2020-11415-8f43c673",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"file": "testsuite/modern-testsuite/src/test/java/org/sonatype/nexus/testsuite/routing/RoutingSanityIT.java"
}
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"16500945813323814449835362205242917511",
"207582526188893082475654255150281755653",
"99423431276113497360266227782001943586",
"43901037432536308310903024669118364962"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2020-11415-9031fba7",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"file": "components/nexus-core/src/test/java/org/sonatype/nexus/proxy/repository/AnAbstractProxyRepositoryRetrieveRemoteItemMethodTest.java"
}
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 488.0,
"function_hash": "255614087802833881110851642288705602787"
},
"signature_version": "v1",
"id": "CVE-2020-11415-9817385b",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"function": "ldapToRestModel",
"file": "plugins/security/nexus-ldap-realm-plugin/src/main/java/org/sonatype/nexus/security/ldap/realms/api/AbstractLdapRealmPlexusResource.java"
}
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"184802936127081329308963733765782224856",
"81192444720934503718542493967186493170",
"186178878927137068259956188214583784232",
"28636624238064231287944201102577507844"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2020-11415-98515ee2",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"file": "components/nexus-core/src/test/java/org/sonatype/nexus/proxy/maven/routing/internal/scrape/NexusScraperTest.java"
}
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"236531211909953826035585792587243477514",
"18072328923966546229035553277661375259",
"256556702301359487253913145703288083935",
"276969776425164833351334127357063407339"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2020-11415-9a376927",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"file": "components/nexus-core/src/test/java/org/sonatype/nexus/proxy/storage/remote/httpclient/HttpClientRemoteStorageTest.java"
}
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 606.0,
"function_hash": "213192425349250113544587698998596760416"
},
"signature_version": "v1",
"id": "CVE-2020-11415-a0f5566b",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"function": "restToLdapModel",
"file": "plugins/security/nexus-ldap-realm-plugin/src/main/java/org/sonatype/nexus/security/ldap/realms/api/AbstractLdapRealmPlexusResource.java"
}
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 1394.0,
"function_hash": "89353698924315526500952098661319940664"
},
"signature_version": "v1",
"id": "CVE-2020-11415-ab8f654b",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"function": "installUsingP2",
"file": "testsuite/legacy-testsuite/src/test/java/org/sonatype/nexus/testsuite/p2/AbstractNexusP2IT.java"
}
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 548.0,
"function_hash": "144936699398848969791316712941652340215"
},
"signature_version": "v1",
"id": "CVE-2020-11415-b1de4e2b",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"function": "prefixFileIsUnchanged",
"file": "testsuite/modern-testsuite/src/test/java/org/sonatype/nexus/testsuite/routing/RoutingSanityIT.java"
}
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 1401.0,
"function_hash": "44680511609474172365069035319356101385"
},
"signature_version": "v1",
"id": "CVE-2020-11415-ba6fe156",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"function": "convertHosted2Proxy",
"file": "components/nexus-core/src/test/java/org/sonatype/nexus/proxy/RepoConversionTest.java"
}
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"82043193627118365738721614218741014049",
"233505075427726163236578551303599933726",
"160225661867460296192691436462730130273",
"39368266603541639483119902965822827303",
"122862609624316651976756847192494008380",
"56884259973345046302569446433236076206"
],
"threshold": 0.9
},
"signature_version": "v1",
"id": "CVE-2020-11415-be29ded8",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"file": "testsuite/legacy-testsuite/src/test/java/org/sonatype/nexus/testsuite/misc/nexus421/Nexus421PlainNotificationIT.java"
}
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 1804.0,
"function_hash": "41263886927830044494100717784378712334"
},
"signature_version": "v1",
"id": "CVE-2020-11415-d9dfc394",
"source": "https://github.com/sonatype/nexus-public/commit/1d46fc7fd231cfe44a1248126b3726b029cb12c5",
"target": {
"function": "prepare",
"file": "components/nexus-core/src/test/java/org/sonatype/nexus/proxy/repository/AnAbstractProxyRepositoryRetrieveRemoteItemMethodTest.java"
}
}
]