Artifactory Security Vulnerabilities and Issues — Artifactory CVE List

Lucene search

JfrogArtifactory

3 matches found

CVE•added 2018/05/01 7:29 p.m.•45 views

CVE-2016-10036

Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading...

9.8CVSS9.7AI score0.27799EPSS

CVE•added 2018/07/09 8:29 p.m.•42 views

CVE-2018-1000623

JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in The "Import Repository from Zip" feature, available through the Admin menu -> Import & Export -> Repositories, triggers a vulnerable UI REST endpoint (/ui/artifactimport...

7.2CVSS7.4AI score0.01013EPSS

CVE•added 2018/07/13 6:29 p.m.•37 views

CVE-2018-1000206

JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flas...

8.8CVSS8.8AI score0.0022EPSS