6.8
CVE-2021-46687
- EPSS 0.25%
- Veröffentlicht 06.07.2022 10:15:09
- Zuletzt bearbeitet 21.11.2024 06:34:35
- Quelle reefs@jfrog.com
- CVE-Watchlists
- Unerledigt
LoginJFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jfrog ≫ Artifactory SwPlatform- Version >= 6.0.0 < 6.23.38
Jfrog ≫ Artifactory SwPlatform- Version >= 7.0.0 < 7.31.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.483 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 6.8 | 8 | 6.9 |
AV:N/AC:L/Au:S/C:C/I:N/A:N
|
| reefs@jfrog.com | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
CWE-359 Exposure of Private Personal Information to an Unauthorized Actor
The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.