Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-8700

specially crafted proxy repository GET requests can delete already cached storage paths

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.2, 2.8.1, 2.11.1, 2.11.2
    • Fix Version/s: 2.11.3
    • Component/s: Repository
    • Labels:

      Description

      A user who only has read only access to a Nexus Proxy repository can send a specially crafted request to delete a directory under that repository's storage location.

      This bug only affects Proxy repositories, not hosted or group repositories. The paths deleted can only exist under the configured repository storage location.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            plynch Peter Lynch
            Last Updated By:
            Peter Lynch Peter Lynch
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                tigCommentSecurity.panel-title