CVE-2021-46687
First published: Wed Jul 06 2022(Updated: )
JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x.
Credit: reefs@jfrog.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jfrog Artifactory | >=6.0.0<6.23.38 | |
| Jfrog Artifactory | >=7.0.0<7.31.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-46687?
CVE-2021-46687 is a vulnerability in JFrog Artifactory that allows sensitive data exposure through the Project Administrator REST API.
How does CVE-2021-46687 impact JFrog Artifactory?
CVE-2021-46687 affects JFrog Artifactory versions prior to 7.31.10 and 6.23.38.
What is the severity of CVE-2021-46687?
CVE-2021-46687 has a severity rating of medium (4.9).
How can I fix CVE-2021-46687?
To fix CVE-2021-46687, update JFrog Artifactory to version 7.31.10 or 6.23.38 or later.
Where can I find more information about CVE-2021-46687?
You can find more information about CVE-2021-46687 at the following references: - [JFrog CVE-2021-46687: Sensitive data exposure on proxy endpoint for Project Admin](https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin) - [JFrog Security Advisories](https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories)
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- vendor/jfrog
- canonical/jfrog artifactory
- version/jfrog artifactory/6.0.0
- version/jfrog artifactory/7.0.0