8 matches found

CVE
added 2022/07/06 10:15 a.m. | 1779 views

CVE-2021-45721

JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory ...

6.1 CVSS | 5.9 AI score | 0.00242 EPSS

CVE
added 2022/07/06 10:15 a.m. | 1231 views

CVE-2021-46687

JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions...

6.8 CVSS | 5 AI score | 0.00198 EPSS

CVE
added 2022/03/02 10:15 p.m. | 84 views

CVE-2021-45074

JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session.

5.5 CVSS | 5.4 AI score | 0.00235 EPSS

CVE
added 2022/05/16 3:15 p.m. | 80 views

CVE-2022-0573

JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-pro...

8.8 CVSS | 8.7 AI score | 0.10546 EPSS

CVE
added 2022/03/02 10:15 p.m. | 76 views

CVE-2021-46270

JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.

4 CVSS | 3.8 AI score | 0.0014 EPSS

CVE
added 2022/05/19 3:15 p.m. | 63 views

CVE-2021-45730

JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators.

6 CVSS | 5 AI score | 0.00131 EPSS

CVE
added 2022/05/23 7:16 a.m. | 60 views

CVE-2021-41834

JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation.

6.5 CVSS | 6.3 AI score | 0.00136 EPSS

CVE
added 2022/07/06 10:15 a.m. | 53 views

CVE-2021-23163

JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF (Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.33.6 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to ...

8.8 CVSS | 8.7 AI score | 0.00128 EPSS