Jfrog

Artifactory

36 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2019-17444

  • EPSS 92.49%
  • Veröffentlicht 12.10.2020 22:15:15
  • Zuletzt bearbeitet 21.11.2024 04:32:20

Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects...

7.5

CVE-2020-2165

  • EPSS 0.33%
  • Veröffentlicht 25.03.2020 17:15:15
  • Zuletzt bearbeitet 21.11.2024 05:24:50

Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

6.5

CVE-2020-2164

  • EPSS 0.26%
  • Veröffentlicht 25.03.2020 17:15:15
  • Zuletzt bearbeitet 21.11.2024 05:24:50

Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.

7.2

CVE-2019-19937

  • EPSS 0.52%
  • Veröffentlicht 16.03.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:35:41

In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."

8.8

CVE-2020-7931

Exploit
  • EPSS 33.48%
  • Veröffentlicht 23.01.2020 15:15:14
  • Zuletzt bearbeitet 21.11.2024 05:38:02

In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because u...

4.3

CVE-2019-10323

Exploit
  • EPSS 0.26%
  • Veröffentlicht 31.05.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:18:53

A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

4.3

CVE-2019-10321

  • EPSS 0.13%
  • Veröffentlicht 31.05.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:18:53

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified c...

4.3

CVE-2019-10322

Exploit
  • EPSS 0.26%
  • Veröffentlicht 31.05.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:18:53

A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs o...

6.5

CVE-2019-10324

  • EPSS 0.13%
  • Veröffentlicht 31.05.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:18:53

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to sched...

9.8

CVE-2018-19971

Exploit
  • EPSS 0.88%
  • Veröffentlicht 16.04.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:58:55

JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.