Filtered by vendor Jfrog
Filtered by product Artifactory
Total: 28 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-45730 | 1 Jfrog | 1 Artifactory | 2024-08-04 | 6 Medium |
JFrog Artifactory prior to 7.31.10 is vulnerable to Broken Access Control: a Project Admin is able to create, edit and delete Repository Layouts, although Repository Layouts configuration should only be available to Platform Administrators. | ||||
CVE-2021-45721 | 1 Jfrog | 1 Artifactory | 2024-08-04 | 6.1 Medium |
JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory versions before 6.23.41 versions prior to 6.23.38. | ||||
CVE-2021-45074 | 1 Jfrog | 1 Artifactory | 2024-08-04 | 4.3 Medium |
JFrog Artifactory before 7.29.3 and 6.23.38 is vulnerable to Broken Access Control: a low-privileged user is able to delete other known users' OAuth token, which will force a reauthentication on an active session or in the next UI session. | ||||
CVE-2021-41834 | 1 Jfrog | 1 Artifactory | 2024-08-04 | 5.3 Medium |
JFrog Artifactory prior to version 7.28.0 and 6.23.38 is vulnerable to Broken Access Control: due to improper permissions validation, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment. | ||||
CVE-2021-23163 | 1 Jfrog | 1 Artifactory | 2024-08-03 | 3.1 Low |
JFrog Artifactory prior to version 7.33.6 and 6.23.38 is vulnerable to CSRF (Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.33.6 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x. | ||||
CVE-2021-3860 | 1 Jfrog | 1 Artifactory | 2024-08-03 | 8.8 High |
JFrog Artifactory before 7.25.4 (Enterprise+ deployments only) is vulnerable to Blind SQL Injection by a low-privileged authenticated user due to incomplete validation when performing an SQL query. | ||||
CVE-2022-0668 | 1 Jfrog | 1 Artifactory | 2024-08-02 | 5.3 Medium |
JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user. | ||||
CVE-2022-0573 | 1 Jfrog | 1 Artifactory | 2024-08-02 | 8.8 High |
JFrog Artifactory before 7.36.1 and 6.23.41 is vulnerable to Insecure Deserialization of untrusted data, which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low-privileged authenticated user, due to insufficient validation of a user-provided serialized object. | ||||