JFrog Artifactory
12 CVEs affecting JFrog Artifactory. Latest disclosed: 2024-08-05. Critical: 5, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-17444 | Critical | 9.8 | 2020-10-12 | JFrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorize… |
| CVE-2016-6501 | Critical | 9.8 | 2016-12-09 | JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poi… |
| CVE-2024-6915 | Critical | 9.3 | 2024-08-05 | JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could p… |
| CVE-2023-42662 | Critical | 9.3 | 2024-03-07 | JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially craft… |
| CVE-2024-4142 | Critical | 9.0 | 2024-05-01 | An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability… |
| CVE-2024-2247 | High | 8.8 | 2024-03-13 | JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism. |
| CVE-2023-42661 | High | 7.2 | 2024-03-07 | JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specia… |
| CVE-2023-42509 | Medium | 6.6 | 2024-03-07 | JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in reposi… |
| CVE-2023-42508 | Medium | 6.5 | 2023-10-03 | JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users be… |
| CVE-2024-2248 | Medium | 6.4 | 2024-05-15 | A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over the end us… |
| CVE-2021-45730 | Medium | 6.0 | 2022-05-19 | JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Re… |
| CVE-2021-41834 | Medium | 5.3 | 2022-05-23 | JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to r… |