First published: Sun Jan 08 2023
JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.
Credit: reefs@jfrog.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| JFrog Artifactory | >=6.0.0 <6.23.41 | |
| JFrog Artifactory | >=7.0.0 <7.37.13 | |
The vulnerability ID of this issue is CVE-2022-0668.
The severity of CVE-2022-0668 is critical with a CVSS score of 9.8.
JFrog Artifactory versions from 6.0.0 up to but not including 6.23.41, and from 7.0.0 up to but not including 7.37.13, are affected by this vulnerability.
An unauthenticated user can exploit this vulnerability by sending a specially crafted request which bypasses authentication and may lead to privilege escalation.
More information about CVE-2022-0668 can be found at the following link: [CVE-2022-0668: Artifactory Authentication Bypass](https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0668%3A+Artifactory+Authentication+Bypass)
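To triage an inventory against the affected ranges listed in the table, the following added example (not code from JFrog or from this advisory) classifies Artifactory version strings as affected, not affected, or needing manual review. The hostnames and versions in the sample inventory are constructed, and treating suffixed builds and releases older than 6.0.0 as "unknown" is an assumption of this example, since the advisory does not cover them.

```python
import re

# Affected ranges from the advisory table: inclusive lower bound, exclusive upper bound.
AFFECTED_RANGES = [((6, 0, 0), (6, 23, 41)), ((7, 0, 0), (7, 37, 13))]
LOWEST_LISTED = (6, 0, 0)  # the advisory says nothing about releases older than this

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(.*)")


def classify(version_text):
    """Return 'affected', 'not-affected' or 'unknown' for one version string."""
    match = _VERSION_RE.fullmatch((version_text or "").strip())
    if match is None:
        return "unknown"  # not x.y.z at all: needs a manual look
    version = tuple(int(part) for part in match.group(1, 2, 3))
    suffix = match.group(4)
    if any(low <= version < high for low, high in AFFECTED_RANGES):
        return "affected"  # a suffix does not move a build out of an affected range
    if suffix or version < LOWEST_LISTED:
        return "unknown"  # pre-release/custom build, or older than the table covers
    return "not-affected"


def triage(inventory):
    """Group hostnames by classification; `inventory` maps hostname -> version string."""
    report = {"affected": [], "not-affected": [], "unknown": []}
    for host, version_text in sorted(inventory.items()):
        report[classify(version_text)].append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "art-build-01": "7.37.12",
    "art-build-02": "7.37.13",
    "art-legacy": "6.23.40",
    "art-legacy-patched": "6.23.41",
    "art-dev": "7.38.0-SNAPSHOT",
    "art-old": "5.11.0",
    "art-broken": "",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" should be checked by hand against the vendor advisory rather than assumed safe.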