First published: Wed Jul 06 2022
JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects JFrog Artifactory 7.x versions before 7.31.10 and 6.x versions before 6.23.38.
Credit: reefs@jfrog.com
Affected Software | Affected Version | How to fix |
---|---|---|
JFrog Artifactory | >=6.0.0, <6.23.38 | |
JFrog Artifactory | >=7.0.0, <7.31.10 | |
CVE-2021-46687 is a vulnerability in JFrog Artifactory that allows sensitive data exposure through the Project Administrator REST API.
CVE-2021-46687 affects JFrog Artifactory versions prior to 7.31.10 and 6.23.38.
CVE-2021-46687 has a severity rating of medium (4.9).
To fix CVE-2021-46687, update JFrog Artifactory to version 7.31.10 or 6.23.38 or later.
You can find more information about CVE-2021-46687 at the following references:
- [JFrog CVE-2021-46687: Sensitive data exposure on proxy endpoint for Project Admin](https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin)
- [JFrog Security Advisories](https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories)