CVE-2021-46270
First published: Wed Mar 02 2022(Updated: )
JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.
Credit: reefs@jfrog.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jfrog Artifactory | >=7.0.0<7.31.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-46270?
CVE-2021-46270 is a vulnerability in JFrog Artifactory before version 7.31.10, which allows a project admin user to list all available repository names due to insufficient permission validation.
How does CVE-2021-46270 affect JFrog Artifactory?
CVE-2021-46270 affects JFrog Artifactory versions before 7.31.10 and allows project admin users to view all available repository names.
What is the severity of CVE-2021-46270?
The severity of CVE-2021-46270 is medium with a CVSS score of 2.7.
How can I fix CVE-2021-46270 in JFrog Artifactory?
To fix CVE-2021-46270, update JFrog Artifactory to version 7.31.10 or later.
Where can I find more information about CVE-2021-46270?
More information about CVE-2021-46270 can be found on the JFrog Artifactory website.
- collector/nvd-index
- vendor/jfrog
- canonical/jfrog artifactory
- version/jfrog artifactory/7.0.0