Latest JFrog Artifactory Vulnerabilities

JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated ...
Jfrog Artifactory >=7.0.0, <7.66.0
JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.
Jfrog Artifactory >=6.0.0, <6.23.41
Jfrog Artifactory >=7.0.0, <7.37.13
JFrog Artifactory prior to version 7.33.6 and 6.23.38 is vulnerable to CSRF (Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory version...
Jfrog Artifactory >=6.0.0, <6.23.38
Jfrog Artifactory >=7.0.0, <7.33.6
JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactor...
Jfrog Artifactory >=6.0.0, <6.23.38
Jfrog Artifactory >=7.0.0, <7.31.10
JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in the Users REST API endpoint. This issue affects: JFrog JFro...
Jfrog Artifactory >=6.0.0, <6.23.38
Jfrog Artifactory >=7.0.0, <7.29.8
JFrog Artifactory prior to version 7.28.0 and 6.23.38 is vulnerable to Broken Access Control: the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in ...
Jfrog Artifactory <6.23.38
Jfrog Artifactory >=7.0.0, <7.28.0
JFrog Artifactory prior to 7.31.10 is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should onl...
Jfrog Artifactory >=7.0.0, <7.31.10
JFrog Artifactory before 7.36.1 and 6.23.41 is vulnerable to Insecure Deserialization of untrusted data, which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted ...
Jfrog Artifactory >=6.0.0, <6.23.41
Jfrog Artifactory >=7.0.0, <7.17.16
Jfrog Artifactory >=7.18.0, <7.18.12
Jfrog Artifactory >=7.19.0, <7.19.13
Jfrog Artifactory >=7.21.0, <7.21.25
Jfrog Artifactory >=7.25.0, <7.25.9
and 7 more
JFrog Artifactory before 7.31.10 is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.
Jfrog Artifactory >=7.0.0, <7.31.10
JFrog Artifactory before 7.29.3 and 6.23.38 is vulnerable to Broken Access Control: a low-privileged user is able to delete other known users' OAuth tokens, which will force a reauthentication on an ac...
Jfrog Artifactory >=6.0.0, <6.23.38
Jfrog Artifactory >=7.0.0, <7.29.3
JFrog Artifactory before 7.25.4 (Enterprise+ deployments only) is vulnerable to Blind SQL Injection by a low-privileged authenticated user due to incomplete validation when performing an SQL query.
Jfrog Artifactory <6.23.30
Jfrog Artifactory >=7.11.0, <7.11.8
Jfrog Artifactory >=7.12.0, <7.12.10
Jfrog Artifactory >=7.17.0, <7.17.14
Jfrog Artifactory >=7.18.0, <7.18.11
Jfrog Artifactory >=7.19.0, <7.19.12
and 4 more
JFrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely c...
Jfrog Artifactory <6.17.0
In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."
Jfrog Artifactory <6.18
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions bet...
Jfrog Artifactory <5.11.8
Jfrog Artifactory >=6.0.0, <6.1.6
Jfrog Artifactory >=6.2.0, <6.3.9
Jfrog Artifactory >=6.4.0, <6.7.8
Jfrog Artifactory >=6.8.0, <6.8.17
Jfrog Artifactory >=6.9.0, <6.9.6
and 6 more
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an...
Jfrog Artifactory <=3.2.2
maven/org.jenkins-ci.plugins:artifactory <=3.2.2
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedProm...
Jfrog Artifactory <=3.2.2
maven/org.jenkins-ci.plugins:artifactory <=3.2.2
A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate the credentials IDs of credentials...
Jfrog Artifactory <=3.2.3
maven/org.jenkins-ci.plugins:artifactory <=3.2.2
A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specif...
Jfrog Artifactory <=3.2.2
maven/org.jenkins-ci.plugins:artifactory <=3.2.2
An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out from the Artifactor...
Jfrog Artifactory =6.7.3
An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file s...
Jfrog Artifactory <=2.16.1
maven/org.jenkins-ci.plugins:artifactory <2.16.2
JFrog Artifactory versions since 5.11 contain a Cross-Site Request Forgery (CSRF) vulnerability in UI REST endpoints that can result in a classic CSRF attack, allowing an attacker to perform actions as lo...
Jfrog Artifactory >=5.11.0, <6.1.0
JFrog Artifactory prior to version 6.0.3, since version 4.0.0, contains a Directory Traversal vulnerability in the "Import Repository from Zip" feature, available through the Admin menu -...
Jfrog Artifactory >=4.0.0, <6.0.3
Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploa...
Jfrog Artifactory <4.16

© 2024 SecAlerts Pty Ltd.