CVE-2021-45074

🗓️ 02 Mar 2022 21:20:11Reported by JFROGType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 93 Views

JFrog Artifactory before 7.29.3 and 6.23.38 is vulnerable to Broken Access Control, allowing low-privileged users to delete other known users' OAuth tokens, forcing reauthentication

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2021-45074	3 Mar 202200:25	–	circl
CNNVD	JFrog Artifactory 安全漏洞	2 Mar 202200:00	–	cnnvd
CNVD	JFrog Artifactory has an unspecified vulnerability	4 Mar 202200:00	–	cnvd
Cvelist	CVE-2021-45074	2 Mar 202221:20	–	cvelist
EUVD	EUVD-2021-31869	3 Oct 202520:07	–	euvd
NVD	CVE-2021-45074	2 Mar 202222:15	–	nvd
OSV	BIT-ARTIFACTORY-2021-45074	6 Mar 202410:52	–	osv
OSV	CVE-2021-45074	2 Mar 202222:15	–	osv
Prion	Improper access control	2 Mar 202222:15	–	prion
Positive Technologies	PT-2022-12300 · Jfrog · Jfrog Artifactory	2 Mar 202200:00	–	ptsecurity

NVD

Node

jfrog artifactoryRange6.0.0–6.23.38-

jfrog artifactoryRange7.0.0–7.29.3-

[
  {
    "product": "JFrog Artifactory",
    "vendor": "JFrog",
    "versions": [
      {
        "lessThan": "7.29.3",
        "status": "affected",
        "version": "JFrog Artifactory versions before 7.29.3",
        "versionType": "custom"
      },
      {
        "lessThan": "6.23.38",
        "status": "affected",
        "version": "JFrog Artifactory versions before 6.23.38",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jfrog	www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories
jfrog	www.jfrog.com/confluence/display/JFROG/CVE-2021-45074%3A+Artifactory+Broken+Access+Control+on+Delete+OAuth+Tokens

21 Nov 2024 06:31Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.14.3 - 5.4

CVSS 25.5

EPSS0.0033

CWE-284