  1. Dev - Nexus Repo
  2. NEXUS-17613

Add a way of resetting ALL bearer token keys for a given realm from the UI

    Details

    • Type: Improvement
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.13.0
    • Fix Version/s: None
    • Component/s: Docker, NPM, NuGet, Security
    • Labels:
      None

      Description

      There was a recent security scare where a hijacked version of ESLint was uploaded to npmjs.org that would steal .npmrc files on install, thereby stealing any tokens (see https://eslint.org/blog/2018/07/postmortem-for-malicious-package-publishes for more information).

      Any NXRM users who downloaded the hijacked component needed to invalidate their tokens. There is currently no way of doing this via the UI, so it had to be done via script (see https://docs.google.com/document/d/1DcudFhpvtPdmSeXbYgl_n-Sy8Syqu2Hm5eUWuSXyYto/edit?usp=sharing).

      Acceptance criteria

      • An administrator can reset all tokens for a given realm (e.g. npm, Docker, NuGet) by clicking a single button.

            People

            Assignee: Unassigned
            Reporter: Joseph Stephens (jstephens)
            Last Updated By: Peter Lynch
            Votes: 0
            Watchers: 2
