First published: Mon Oct 12 2020
Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0.
Credit: psirt@paloaltonetworks.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jfrog Artifactory | <6.17.0 | Upgrade to 6.17.0 or higher |
The vulnerability ID for this issue is CVE-2019-17444.
CVE-2019-17444 has a severity level of critical.
The vulnerability in Jfrog Artifactory occurs due to the use of default passwords for administrative accounts and the lack of a requirement for users to change them.
Jfrog Artifactory versions prior to 6.17.0 are affected by this vulnerability.
To fix CVE-2019-17444, you should upgrade Jfrog Artifactory to version 6.17.0 or higher.