Artifactory
by Jfrog
Source repositories
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-45730 | 0.00 | — | 0.01 | May 19, 2022 | JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators. | |||
| CVE-2022-0573 | 0.00 | — | 0.02 | May 16, 2022 | JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient… | |||
| CVE-2021-46270 | 0.00 | — | 0.01 | Mar 2, 2022 | JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation. | |||
| CVE-2021-45074 | 0.00 | — | 0.01 | Mar 2, 2022 | JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session. | |||
| CVE-2021-3860 | 0.00 | — | 0.01 | Dec 20, 2021 | JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. | |||
| CVE-2019-17444 | 0.00 | — | 0.69 | Oct 12, 2020 | Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions… | |||
| CVE-2019-19937 | 0.00 | — | 0.01 | Mar 16, 2020 | In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results." | |||
| CVE-2018-19971 | 0.00 | — | 0.03 | Apr 16, 2019 | JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. |
- CVE-2021-45730May 19, 2022risk 0.00cvss —epss 0.01
JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators.
- CVE-2022-0573May 16, 2022risk 0.00cvss —epss 0.02
JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient…
- CVE-2021-46270Mar 2, 2022risk 0.00cvss —epss 0.01
JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.
- CVE-2021-45074Mar 2, 2022risk 0.00cvss —epss 0.01
JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session.
- CVE-2021-3860Dec 20, 2021risk 0.00cvss —epss 0.01
JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query.
- CVE-2019-17444Oct 12, 2020risk 0.00cvss —epss 0.69
Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions…
- CVE-2019-19937Mar 16, 2020risk 0.00cvss —epss 0.01
In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."
- CVE-2018-19971Apr 16, 2019risk 0.00cvss —epss 0.03
JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.
Page 2 of 2