Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-6549

Browse Storage/Index can block access to folders or files that start with "content"

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.8
    • Fix Version/s: 2.8.1, 3.0.0-m1
    • Component/s: Security
    • Labels:
      None
    • Sprint:
      Sprint 15, Sprint 16

      Description

      Load the attached configuration into Nexus 2.8, then log in with credentials test/test.

      Go to browse storage in snapshots. You'll be able to browse into "com/foo/project" without issue, but "com/foo/content" and "com/foo/content-test" will be blocked, even though they are clearly allowed by the repository target privilege, which has a regular expression of:

      /|/com/|/com/foo/.*
      

      It only affects /service/local/repositories/<repo-id>/* and /service/local/repo_groups/<repo-id/* REST endpoints. What this means in practice is that it affects the browse storage and browse index trees in the UI.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            rseddon Rich Seddon
            Last Updated By:
            Peter Lynch Peter Lynch
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title