Description
Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials.
Problem types
CWE-863 Incorrect Authorization
Product status
3.1.0 (semver) before 3.93.0
Credits
Ho Boon Suan
References
help.sonatype.com/...us-repository-3-93-0-release-notes.html
support.sonatype.com/hc/en-us/articles/52341191736851