  1. Dev - Nexus Repo
  2. NEXUS-9572

do not allow arbitrary http access through docker repository specific ports

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0-m6
    • Fix Version/s: 3.0.0
    • Component/s: Docker
    • Labels:
      None
    • Story Points:
      1
    • Sprint:
      Sprint 64 - Föhn

      Description

      If you configure a port on a docker repository, you can also access the rest of Nexus through this port, including the UI.

      You can also configure the port to be the same as an existing connector defined manually in jetty.xml.

      You cannot configure the port to be the same as another docker repository connector.

      Regardless, this is much more access than a docker-specific repository port implies.

      Suggest we limit accessible URLs through a docker repository port to only those known to map correctly to docker repositories.

      Alternately, do we have a use case for allowing use of the same port as one configured manually in the jetty configuration files? The only benefit might be that one might want to reduce the ports to be managed through firewalls. However, does this lead to potential exposure to URL conflicts with other parts of Nexus?
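
One way to express the restriction suggested in the description, as an added example (not the reporter's or the Nexus project's code, and not the fix shipped in 3.0.0): decide per listener port whether a request target may be served, after canonicalizing the path so that encoded or dot-segment tricks cannot escape the allowed prefix. The port 18443, the `/v1` and `/v2` API roots, and all function names are assumptions made for illustration.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote, urlsplit

# Assumed values for illustration; none of these come from the ticket.
DOCKER_CONNECTOR_PORTS = {18443}     # ports configured on docker repositories
DOCKER_API_ROOTS = ("/v1", "/v2")    # Docker Registry HTTP API roots


def canonical_path(raw_target: str) -> Optional[str]:
    """Return the canonical path of a request target, or None if ambiguous."""
    path = unquote(urlsplit(raw_target).path)
    # After one decode, a remaining '%' means double encoding. ';' is a path
    # parameter delimiter in some servlet containers. Refuse rather than guess.
    if any(ch in path for ch in ("%", ";", "\\", "\x00")):
        return None
    if not path.startswith("/"):
        return None
    # Collapse duplicate slashes and resolve '.' and '..' segments.
    return posixpath.normpath("/" + path.lstrip("/"))


def is_allowed(listener_port: int, raw_target: str) -> bool:
    """Allow only registry API paths on docker connector ports."""
    if listener_port not in DOCKER_CONNECTOR_PORTS:
        return True  # other connectors are outside the scope of this check
    path = canonical_path(raw_target)
    if path is None:
        return False
    return any(path == root or path.startswith(root + "/")
               for root in DOCKER_API_ROOTS)


if __name__ == "__main__":
    # Constructed request targets, not captured traffic.
    for target in ("/v2/", "/v2/library/alpine/manifests/latest", "/",
                   "/v2/../index.html", "/v2/%2e%2e/index.html"):
        print(target, "->", "allow" if is_allowed(18443, target) else "deny")
```
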

            People

            Assignee:
            jtom Joe Tom
            Reporter:
            plynch Peter Lynch
            Last Updated By:
            Peter Lynch Peter Lynch
            Votes:
            0
            Watchers:
            4
