Security Vulnerability: API Mass Assignment

[yj0930]

Thanks for creating an issue! Please fill out this form so we can be sure to have all the information we need, and to minimize back and forth.

• What are you trying to do?

• Using AppScan, Nexus has a HIGH level security vulnerability: API Mass Assignment

• What feature or behavior is this required for?

• Security

• How could we solve this issue? (Not knowing is okay!)

• /service/extdirect should be protected under authorization

• Anything else?

• AppScan report related screenshot was attached

[mpiggott]

See for reporting vulnerabilities - https://github.com/sonatype-nexus-community/nexus-repository-composer/blob/master/SECURITY.md

It should be for a specific problem - generally scans are filled with generic noise.