First published: Thu May 19 2022
JFrog Artifactory prior to 7.31.10 is vulnerable to Broken Access Control: a Project Admin is able to create, edit and delete Repository Layouts, although Repository Layouts configuration should only be available to Platform Administrators.
Credit: reefs@jfrog.com
Affected Software | Affected Version | How to fix |
---|---|---|
JFrog Artifactory | >=7.0.0, <7.31.10 | |
The vulnerability ID for this JFrog Artifactory vulnerability is CVE-2021-45730.
The severity of CVE-2021-45730 is medium with a severity value of 4.9.
CVE-2021-45730 is a vulnerability in JFrog Artifactory prior to 7.31.10 that allows a Project Admin to create, edit, and delete Repository Layouts, an operation that should only be available to Platform Administrators.
CVE-2021-45730 affects JFrog Artifactory versions prior to 7.31.10.
The fix for CVE-2021-45730 is to update JFrog Artifactory to version 7.31.10 or newer.