First published: Mon May 23 2022
JFrog Artifactory prior to versions 7.28.0 and 6.23.38 is vulnerable to Broken Access Control. Due to improper permissions validation, a low-privileged user can use the copy functionality to read and copy any artifact that exists in the Artifactory deployment.
Credit: reefs@jfrog.com
Affected Software | Affected Version | How to fix |
---|---|---|
JFrog Artifactory | <6.23.38 | |
JFrog Artifactory | >=7.0.0 <7.28.0 | |
CVE-2021-41834 is a vulnerability in JFrog Artifactory prior to versions 7.28.0 and 6.23.38, where the copy functionality can be used by a low-privileged user to read and copy any artifact due to improper permissions validation.
CVE-2021-41834 has a severity rating of 6.5 (Medium).
CVE-2021-41834 affects JFrog Artifactory versions prior to 7.28.0 and 6.23.38.
A low-privileged user can exploit CVE-2021-41834 by using the copy functionality to read and copy any artifact in the Artifactory deployment.
Yes, the fix for CVE-2021-41834 is to upgrade JFrog Artifactory to version 7.28.0 or 6.23.38.
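To check an inventory of deployments against the affected ranges and fixed versions listed above, the following is an added example, not part of the original advisory or JFrog's tooling. The function names, hostnames and sample versions are hypothetical; only the version boundaries come from this page.

```python
import re

# Affected ranges exactly as the advisory lists them, each paired with the
# fixed release for that branch: (lower bound inclusive, upper bound exclusive).
AFFECTED_RANGES = [
    ((0, 0, 0), (6, 23, 38), "6.23.38"),
    ((7, 0, 0), (7, 28, 0), "7.28.0"),
]


def parse_version(text):
    """Turn 'X.Y.Z' into an integer tuple so 6.9.0 sorts below 6.23.38."""
    match = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(version_text):
    """Return (status, upgrade_target) for one Artifactory version."""
    version = parse_version(version_text)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= version < high:
            return ("affected", fixed)
    return ("not_affected", None)


def triage_fleet(inventory):
    """Triage a host -> version mapping; unparseable entries stay visible."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = triage(version_text)
        except ValueError:
            # Do not silently treat an unknown version as safe.
            report[host] = ("unknown", None)
    return report


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "repo-a.example.internal": "7.27.10",
    "repo-b.example.internal": "7.28.0",
    "repo-c.example.internal": "6.9.0",
    "repo-d.example.internal": "6.23.38",
    "repo-e.example.internal": "",
}

if __name__ == "__main__":
    for host, (status, target) in triage_fleet(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}" + (f", upgrade to {target}" if target else ""))
```

Versions are compared as integer tuples because a plain string comparison would rank 6.9.0 above 6.23.38 and miss an affected instance.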