CVE-2022-0668
- EPSS 0.25%
- Published 08.01.2023 15:15:10
- Last modified 21.11.2024 06:39:08
JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.
CVE-2021-46687
- EPSS 0.25%
- Published 06.07.2022 10:15:09
- Last modified 21.11.2024 06:34:35
JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; J...
CVE-2021-45721
- EPSS 0.23%
- Published 06.07.2022 10:15:09
- Last modified 21.11.2024 06:32:58
JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7....
CVE-2021-23163
- EPSS 0.12%
- Published 06.07.2022 10:15:09
- Last modified 21.11.2024 05:51:18
JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF (Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.33.6 versions prior to 7.x; JFrog Artif...
CVE-2021-41834
- EPSS 0.18%
- Published 23.05.2022 07:16:13
- Last modified 21.11.2024 06:26:50
JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permiss...
CVE-2021-45730
- EPSS 0.16%
- Published 19.05.2022 15:15:07
- Last modified 21.11.2024 06:32:58
JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators.
CVE-2022-0573
- EPSS 5.92%
- Published 16.05.2022 15:15:08
- Last modified 21.11.2024 06:38:56
JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated ...
- EPSS 0.17%
- Published 02.03.2022 22:15:08
- Last modified 21.11.2024 06:33:50
JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.
CVE-2021-45074
- EPSS 0.33%
- Published 02.03.2022 22:15:08
- Last modified 21.11.2024 06:31:53
JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users' OAuth token, which will force a reauthentication on an active session or in the next UI session.
CVE-2021-3860
- EPSS 0.25%
- Published 20.12.2021 22:15:07
- Last modified 21.11.2024 06:22:40
JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query.