First published: Mon Mar 16 2020
In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
JFrog Artifactory | <6.18 | |
CVE-2019-19937 is a vulnerability in JFrog Artifactory before version 6.18 that allows any admin user to perform system or repository imports without any restrictions.
CVE-2019-19937 has a severity score of 7.2 out of 10, indicating a high severity level.
CVE-2019-19937 can lead to "undesirable results" by allowing admin users in the enterprise to perform system or repository imports without any restrictions, potentially compromising the integrity of the system.
To fix CVE-2019-19937, users should upgrade to version 6.18 or above of JFrog Artifactory, which introduces the necessary restrictions on imports.
More information about CVE-2019-19937 can be found in the JFrog Artifactory Release Notes for version 6.18, as well as the official JFrog Artifactory documentation and the SecureWorks advisory.