VYPR

Artifactory

by Jfrog

Source repositories

CVEs (28)

  • CVE-2021-45730May 19, 2022
    risk 0.00cvss epss 0.01

    JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators.

  • CVE-2022-0573May 16, 2022
    risk 0.00cvss epss 0.02

    JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient…

  • CVE-2021-46270Mar 2, 2022
    risk 0.00cvss epss 0.01

    JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.

  • CVE-2021-45074Mar 2, 2022
    risk 0.00cvss epss 0.01

    JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session.

  • CVE-2021-3860Dec 20, 2021
    risk 0.00cvss epss 0.01

    JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query.

  • CVE-2019-17444Oct 12, 2020
    risk 0.00cvss epss 0.69

    Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions…

  • CVE-2019-19937Mar 16, 2020
    risk 0.00cvss epss 0.01

    In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."

  • CVE-2018-19971Apr 16, 2019
    risk 0.00cvss epss 0.03

    JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.

Page 2 of 2