  1. Dev - Nexus Repo
  2. NEXUS-11937

privileges which allow reading repository content also expose all repository names when browsing assets / components

    Details

      Description

      Anonymous user is assigned one role with only the following:
      nexus:repository-view:maven2:maven-central:browse
      nexus:repository-view:maven2:maven-central:read

      There is a difference in behaviour between Nexus 3.0.2 and 3.1.0.

      In Nexus 3.0.2 you only see maven-central in Browse Assets/Components.

      In Nexus 3.1.0 you see all the repos in Browse Assets/Components. You do not see artifacts under repositories that you do not have permissions for, but the issue is that the repository should not be displayed.

      NOTE: This does not allow users to see the repository content, just the repository names.
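
A check for the behaviour described above, as an added example that is not part of the original issue or of Nexus itself: it compares the repository names a browse listing returns against the role's `repository-view` privileges and reports names the role has no `browse` privilege for. The listing is constructed sample data, and the handling of `*` wildcards and comma-separated actions is an assumption about the privilege syntax.

```python
# Privileges of the anonymous user's only role, as given in the issue.
ROLE_PRIVILEGES = [
    "nexus:repository-view:maven2:maven-central:browse",
    "nexus:repository-view:maven2:maven-central:read",
]

# Constructed sample: repository name -> format, as a browse listing
# might return it. Only maven-central appears in the issue itself.
SAMPLE_LISTING = {
    "maven-central": "maven2",
    "maven-releases": "maven2",
    "internal-npm": "npm",
}


def parse_privilege(priv):
    """Split a repository-view privilege into (format, repo, actions)."""
    parts = priv.split(":")
    if len(parts) != 5 or parts[:2] != ["nexus", "repository-view"]:
        return None  # other privilege types grant no repository browse
    # Assumption: actions may be comma-separated, e.g. "browse,read".
    return parts[2], parts[3], set(parts[4].split(","))


def may_browse(privileges, fmt, repo):
    """True if any privilege grants 'browse' on this format and repo."""
    for priv in privileges:
        parsed = parse_privilege(priv)
        if parsed is None:
            continue
        p_fmt, p_repo, actions = parsed
        # Assumption: "*" matches any format, repository or action.
        if (p_fmt in ("*", fmt) and p_repo in ("*", repo)
                and actions & {"*", "browse"}):
            return True
    return False


def leaked_repository_names(privileges, listing):
    """Names shown in the listing that the role has no browse right for."""
    return sorted(name for name, fmt in listing.items()
                  if not may_browse(privileges, fmt, name))


if __name__ == "__main__":
    for name in leaked_repository_names(ROLE_PRIVILEGES, SAMPLE_LISTING):
        print("visible without browse privilege:", name)
```

An empty result corresponds to the 3.0.2 behaviour the reporter describes; any returned name is one that was listed despite the role having no browse privilege for it.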


              People

              Assignee:
              fmilens Frederick Milens
              Reporter:
              bphung Binh Phung
              Last Updated By:
              Peter Lynch
              Votes:
              9
              Watchers:
              20
