Lucene search

JfrogArtifactory

5 matches found

CVE
added 2019/05/31 3:29 p.m., 201 views

CVE-2019-10322

A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credent...

CVSS 4.3 | AI score 4.4 | EPSS 0.00227

CVE
added 2019/05/31 3:29 p.m., 200 views

CVE-2019-10323

A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate the credentials IDs of credentials stored in Jenkins.

CVSS 4.3 | AI score 4.4 | EPSS 0.00227

CVE
added 2019/05/31 3:29 p.m., 182 views

CVE-2019-10321

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, c...

CVSS 4.3 | AI score 4.4 | EPSS 0.00146

CVE
added 2022/03/02 10:15 p.m., 76 views

CVE-2021-46270

JFrog Artifactory before 7.31.10 is vulnerable to Broken Access Control, where a project admin user is able to list all available repository names due to insufficient permission validation.

CVSS 4 | AI score 3.8 | EPSS 0.0014

CVE
added 2024/04/15 8:15 a.m., 44 views

CVE-2024-3505

JFrog Artifactory Self-Hosted versions below 7.77.3 are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments.

CVSS 4.3 | AI score 6 | EPSS 0.00328