CVE-2019-17444
First published: Mon Oct 12 2020(Updated: )
Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0.
Credit: psirt@paloaltonetworks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jfrog Artifactory | <6.17.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-17444.
What is the severity of CVE-2019-17444?
CVE-2019-17444 has a severity level of critical.
How does the vulnerability in Jfrog Artifactory occur?
The vulnerability in Jfrog Artifactory occurs due to the use of default passwords for administrative accounts and the lack of a requirement for users to change them.
Which versions of Jfrog Artifactory are affected by this vulnerability?
Jfrog Artifactory versions prior to 6.17.0 are affected by this vulnerability.
How can I fix CVE-2019-17444?
To fix CVE-2019-17444, you should upgrade Jfrog Artifactory to version 6.17.0 or higher.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/type
- agent/severity
- agent/references
- agent/description
- agent/tags
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/jfrog
- canonical/jfrog artifactory