[ https://issues.apache.org/jira/browse/MNG-6683?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Osipov closed MNG-6683.
-------------------------------
Resolution: Invalid
Please go here:
https://issues.sonatype.org/projects/MVNCENTRAL/issues/MVNCENTRAL-4841?filter=allopenissues
> Maven Central returns 200 status for Nexus vulnerability page
> -------------------------------------------------------------
>
> Key: MNG-6683
> URL: https://issues.apache.org/jira/browse/MNG-6683
> Project: Maven
> Issue Type: Bug
> Reporter: Sam Gleske
> Priority: Blocker
>
> My on-site Nexus instance is caching artifacts with a SHA1 checksum
> 304aee16ce585ea362af56fe4044e9aa3ad0a84d.
> The contents of the page are
>
> {noformat}
> Forbidden
> Access to the Central Repository has been temporarily blocked
> You've been identified as running a version of Nexus Repository Manager that
> is vulnerable to botnet exploitation [1]
> It is strongly advised that you upgrade Nexus Repository Manager to the
> latest version, currently 3.16.2. Please visit the Sonatype NXRM download
> page [2]
> For further information on the vulnerability, affected versions, and
> remediation paths, please our official announcement at [3]
> {noformat}
> Links
> # [https://community.sonatype.com/t/botnet-exploitation-of-nxrm-up-to-3-14-0/1993]
> # [https://help.sonatype.com/repomanager3/download]
> # [https://community.sonatype.com/t/botnet-exploitation-of-nxrm-up-to-3-14-0/1993]
> h2. Issue
> Because Maven Central returns a 200 status for the vulnerability "Forbidden"
> page, our Nexus instance is caching a lot of junk artifacts. We've since
> upgraded to a non-vulnerable Nexus, but it seems Central is still returning
> the "Forbidden" error page.
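
An added example, not part of the original report and not Maven or Sonatype code: a cleanup scan for the situation described above, where a proxy cached the block page under artifact names because it arrived with a 200 status. It assumes a directory in Maven repository layout (a local `~/.m2/repository` or an exported copy of the proxy cache) and that the marker phrase appears within the first 8 KB of the cached page; the function names and the extension list are hypothetical.

```python
import hashlib
import os

# SHA-1 of the cached block page, as reported in the issue above.
REPORTED_SHA1 = "304aee16ce585ea362af56fe4044e9aa3ad0a84d"
# Phrase from the block page body quoted in the issue.
MARKER = b"Access to the Central Repository has been temporarily blocked"
# Assumption: archive types that must begin with the ZIP magic "PK".
ZIP_EXTS = (".jar", ".war", ".aar", ".zip")
# Assumption: file types worth inspecting in the repository tree.
ARTIFACT_EXTS = ZIP_EXTS + (".pom",)


def sha1_of(path):
    """Stream the file so large artifacts are not loaded into memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def classify(path, known_sha1=frozenset({REPORTED_SHA1})):
    """Return why a file looks like a cached error page, or None if it looks fine."""
    if sha1_of(path) in known_sha1:
        return "sha1-match"
    with open(path, "rb") as fh:
        head = fh.read(8192)
    if MARKER in head:
        return "marker-match"  # same page, different bytes (hash no longer matches)
    if path.endswith(ZIP_EXTS) and not head.startswith(b"PK"):
        return "not-a-zip"  # some other non-archive body stored under an archive name
    return None


def scan(root, known_sha1=frozenset({REPORTED_SHA1})):
    """Walk a repository tree and return {relative_path: reason} for suspect files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(ARTIFACT_EXTS):
                full = os.path.join(dirpath, name)
                reason = classify(full, known_sha1)
                if reason:
                    findings[os.path.relpath(full, root)] = reason
    return findings


if __name__ == "__main__":
    import sys
    for rel, why in sorted(scan(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(why, rel)
```

Files it reports should be evicted from the proxy cache and from build agents' local repositories, then re-fetched once Central serves the real artifacts again.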