Lucene search

JFROGCVELIST:CVE-2022-0668

HistoryJan 08, 2023 - 12:00 a.m.

CVE-2022-0668

2023-01-0800:00:00

CWE-274

JFROG

www.cve.org

jfrog

artifactory

vulnerability

authentication

bypass

privilege escalation

unauthenticated user

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.0%

JSON

JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.

CNA Affected

[
  {
    "vendor": "JFrog",
    "product": "JFrog Artifactory",
    "versions": [
      {
        "version": "JFrog Artifactory versions before 7.x",
        "status": "affected",
        "lessThan": "7.37.13",
        "versionType": "custom"
      },
      {
        "version": "JFrog Artifactory versions before 6.x",
        "status": "affected",
        "lessThan": "6.23.41",
        "versionType": "custom"
      }
    ]
  }
]

References

www.jfrog.com/confluence/display/JFROG/CVE-2022-0668%3A+Artifactory+Authentication+Bypass

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.0%

JSON

Related for CVELIST:CVE-2022-0668