First published: Wed Mar 02 2022
JFrog Artifactory before 7.31.10 is vulnerable to Broken Access Control: a project admin user is able to list all available repository names due to insufficient permission validation.
Credit: reefs@jfrog.com
Affected Software | Affected Version | How to fix |
---|---|---|
JFrog Artifactory | >=7.0.0 <7.31.10 | |
CVE-2021-46270 is a vulnerability in JFrog Artifactory before version 7.31.10, which allows a project admin user to list all available repository names due to insufficient permission validation.
CVE-2021-46270 affects JFrog Artifactory versions before 7.31.10 and allows project admin users to view all available repository names.
The severity of CVE-2021-46270 is medium with a CVSS score of 2.7.
To fix CVE-2021-46270, update JFrog Artifactory to version 7.31.10 or later.
More information about CVE-2021-46270 can be found on the JFrog Artifactory website.