CVE-2019-19937
First published: Mon Mar 16 2020(Updated: )
In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jfrog Artifactory | <6.18 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-19937?
CVE-2019-19937 is a vulnerability in JFrog Artifactory before version 6.18 that allows any admin user to import either system or repository without any restrictions.
What is the severity of CVE-2019-19937?
CVE-2019-19937 has a severity score of 7.2 out of 10, indicating a high severity level.
How can CVE-2019-19937 impact JFrog Artifactory?
CVE-2019-19937 can lead to "undesirable results" by allowing admin users in the enterprise to import system or repository without any restrictions, potentially compromising the integrity of the system.
What is the fix for CVE-2019-19937?
To fix CVE-2019-19937, users should upgrade to version 6.18 or above of JFrog Artifactory, which introduces the necessary restrictions on imports.
Where can I find more information about CVE-2019-19937?
More information about CVE-2019-19937 can be found in the JFrog Artifactory Release Notes for version 6.18, as well as the official JFrog Artifactory documentation and the SecureWorks advisory.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- vendor/jfrog
- canonical/jfrog artifactory