Closed yj0930 closed 2 years ago
Thanks for creating an issue! Please fill out this form so we can be sure to have all the information we need, and to minimize back and forth.
What are you trying to do?
Using AppScan, Nexus has a HIGH level security vulnerability: API Mass Assignment
What feature or behavior is this required for?
Security
How could we solve this issue? (Not knowing is okay!)
/service/extdirect should be protected under authorization
Anything else?
AppScan report related screenshot was attached
See https://github.com/sonatype-nexus-community/nexus-repository-composer/blob/master/SECURITY.md for reporting vulnerabilities.
It should be for a specific problem - generally scans are filled with generic noise.