Artifactory@* Security Vulnerabilities and Issues — Artifactory@* CVE List

Lucene search

JfrogArtifactory*

8 matches found

CVE•added 2020/10/12 10:15 p.m.•105 views

CVE-2019-17444

Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0.

9.8CVSS9.5AI score0.90575EPSS

CVE•added 2021/12/20 10:15 p.m.•71 views

CVE-2021-3860

JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query.

8.8CVSS8.9AI score0.00411EPSS

Web

CVE•added 2020/01/23 3:15 p.m.•62 views

CVE-2020-7931

In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certai...

8.8CVSS8.8AI score0.32705EPSS

Web

CVE•added 2022/05/23 7:16 a.m.•61 views

CVE-2021-41834

JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation.

6.5CVSS6.3AI score0.00136EPSS

CVE•added 2024/03/07 2:15 p.m.•52 views

CVE-2023-42661

JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts.

8.8CVSS7.2AI score0.00824EPSS

CVE•added 2020/03/16 8:15 p.m.•51 views

CVE-2019-19937

In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."

7.2CVSS6.9AI score0.00496EPSS

CVE•added 2018/05/01 7:29 p.m.•46 views

CVE-2016-10036

Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading...

9.8CVSS9.7AI score0.19438EPSS

Web

CVE•added 2024/04/15 8:15 a.m.•45 views

CVE-2024-3505

JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration.This does not affect JFrog cloud deployments.

4.3CVSS6AI score0.00287EPSS