  1. Dev - Nexus Repo
  2. NEXUS-11937

privileges which allow reading repository content also expose all repository names when browsing assets / components

    Details

      Description

      Anonymous user is assigned one role with only the following:
      nexus:repository-view:maven2:maven-central:browse
      nexus:repository-view:maven2:maven-central:read

      There is a difference in behaviour between Nexus 3.0.2 and 3.1.0.

      In Nexus 3.0.2 you only see maven-central in Browse Assets/Components.

      In Nexus 3.1.0 you see all the repos in Browse Assets/Components. You do not see artifacts under repositories that you do not have permissions for, but the issue is that the repository should not be displayed.

      NOTE: This does not allow users to see the repository content, just the repository names.

              People

              • Assignee:
                fmilens Frederick Milens
                Reporter:
                bphung Binh Phung
                Last Updated By:
                Rich Seddon
              • Votes:
                9
                Watchers:
                20

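The filtering this report expects, as an added example (not code from the issue or from Nexus): it models privilege strings as colon-separated wildcard permissions, which is an assumption, and uses a constructed repository inventory in which only `maven-central` comes from the issue. `leaked_names` flags every repository name in a listing that the role holds no `browse` privilege for.

```python
# Added example: model of the repository-name filtering expected in this issue.
# Assumption: privileges are matched as colon-separated wildcard permissions
# (Apache Shiro style); repository names other than maven-central are constructed.

def _parts(permission):
    """Split 'a:b:c,d' into [{'a'}, {'b'}, {'c', 'd'}]."""
    return [set(p.split(",")) for p in permission.split(":")]

def implies(granted, required):
    """True if the granted permission string covers the required one."""
    g, r = _parts(granted), _parts(required)
    for i, need in enumerate(r):
        if i >= len(g):
            return True            # shorter grant implies everything below it
        if "*" not in g[i] and not need <= g[i]:
            return False
    # Grant is more specific than the request: the extra parts must be wildcards.
    return all("*" in extra for extra in g[len(r):])

def may_browse(granted, fmt, name):
    """True if any granted privilege allows browsing the named repository."""
    required = f"nexus:repository-view:{fmt}:{name}:browse"
    return any(implies(p, required) for p in granted)

def visible_repositories(granted, repos):
    """Names a user should see in Browse Assets/Components."""
    return [name for name, fmt in repos if may_browse(granted, fmt, name)]

def leaked_names(listing, granted, repos):
    """Names present in a listing that the user holds no browse privilege for."""
    allowed = set(visible_repositories(granted, repos))
    return sorted(set(listing) - allowed)

# The anonymous role from the issue description.
ANONYMOUS = [
    "nexus:repository-view:maven2:maven-central:browse",
    "nexus:repository-view:maven2:maven-central:read",
]
# Constructed inventory (name, format); only maven-central comes from the issue.
REPOS = [("maven-central", "maven2"), ("internal-releases", "maven2"),
         ("npm-private", "npm")]

if __name__ == "__main__":
    print("expected listing:", visible_repositories(ANONYMOUS, REPOS))
    unfiltered = [name for name, _ in REPOS]   # behaviour reported for 3.1.0
    print("names exposed   :", leaked_names(unfiltered, ANONYMOUS, REPOS))
```

Feeding `leaked_names` the repository names actually returned to a low-privilege account turns the report into a repeatable regression check across upgrades.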