CVE-2021-23163

🗓️ 06 Jul 2022 09:45:12Reported by JFROGType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 59 Views

JFrog Artifactory prior to 7.33.6 & 6.23.38 vulnerable to CSRF

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2021-23163	6 Jul 202214:14	–	circl
CNNVD	JFrog Artifactory 跨站请求伪造漏洞	6 Jul 202200:00	–	cnnvd
Cvelist	CVE-2021-23163	6 Jul 202209:45	–	cvelist
EUVD	EUVD-2021-10274	7 Oct 202500:30	–	euvd
NVD	CVE-2021-23163	6 Jul 202210:15	–	nvd
OSV	BIT-ARTIFACTORY-2021-23163	6 Mar 202410:52	–	osv
OSV	CVE-2021-23163	6 Jul 202210:15	–	osv
Prion	Cross site request forgery (csrf)	6 Jul 202210:15	–	prion
Positive Technologies	PT-2022-9369 · Jfrog · Jfrog Artifactory	6 Jul 202200:00	–	ptsecurity
RedhatCVE	CVE-2021-23163	22 May 202521:19	–	redhatcve

NVD

Node

jfrog artifactoryRange6.0.0–6.23.38-

jfrog artifactoryRange7.0.0–7.33.6-

[
  {
    "product": "JFrog Artifactory",
    "vendor": "JFrog",
    "versions": [
      {
        "lessThan": "7.x",
        "status": "affected",
        "version": "JFrog Artifactory versions before 7.33.6",
        "versionType": "custom"
      },
      {
        "lessThan": "6.x",
        "status": "affected",
        "version": "JFrog Artifactory versions before 6.23.38",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jfrog	www.jfrog.com/confluence/display/JFROG/CVE-2021-23163%3A++Cross-Site+Request+Forgery+on+REST+using+Basic+Auth
jfrog	www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories

21 Nov 2024 05:51Current

8.7High risk

Vulners AI Score8.7

CVSS 26.8

CVSS 3.13.1 - 8.8

EPSS0.00068

CWE-352