CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-46687
https://notcve.org/view.php?id=CVE-2021-46687
06 Jul 2022 — JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x. JFrog Artifactory versiones anteriores a 7.31.10 y 6.23.38 es vulnerable a una Exposición de Datos Confiables mediante la API REST del administrador del proyecto. Este problema afecta a: JFrog JFrog... • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-45721
https://notcve.org/view.php?id=CVE-2021-45721
06 Jul 2022 — JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory versions before 6.23.41 versions prior to 6.23.38. JFrog Artifactory versiones anteriores a 7.29.8 y 6.23.38 es vulnerable a un ataque de tipo Cross-Site Scripting (XSS) Reflejado mediante uno de los parámetros XH... • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45721%3A+Cross-Site+Script+%28XSS%29+on+User+REST+API • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41834
https://notcve.org/view.php?id=CVE-2021-41834
23 May 2022 — JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation. JFrog Artifactory versiones anteriores a 7.28.0 y 6.23.38, es vulnerable a un Control de Acceso Roto, la funcionalidad copy puede ser usada por un usuario poco privilegiado para leer y copiar cualquier artefacto que se presente en el despliegue ... • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-41834%3A+Artifactory+Broken+Access+Control+on+Copy+Artifact • CWE-284: Improper Access Control •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-45730
https://notcve.org/view.php?id=CVE-2021-45730
19 May 2022 — JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators. JFrog Artifactory versiones anteriores a 7.31.10, es vulnerable a un control de acceso roto donde un administrador de proyecto es capaz de crear, editar y eliminar diseños de repositorio mientras que la configuración de los diseños de repositorio sólo debería estar di... • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45730%3A+Artifactory+Broken+Access+Control+on+Repository+Layouts+Configuration • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-0573
https://notcve.org/view.php?id=CVE-2022-0573
16 May 2022 — JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object. JFrog Artifactory versiones anteriores a 7.36.1 y 6.23.41, es vulnerable a una Deserialización no Segura de datos no confiables que puede conllevar a DoS, Escalada de Privilegios y Ejecuci... • https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0573%3A+Artifactory+Vulnerable+to+Deserialization+of+Untrusted+Data • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-46270
https://notcve.org/view.php?id=CVE-2021-46270
02 Mar 2022 — JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation. JFrog Artifactory versiones anteriores a 7.31.10, es vulnerable a un Control de Acceso Roto, donde un usuario administrador del proyecto es capaz de listar todos los nombres de repositorios disponibles debido a una comprobación de permisos insuficiente • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46270%3A+Artifactory+Project+Admin+Repository+Name+Disclosure • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-45074
https://notcve.org/view.php?id=CVE-2021-45074
02 Mar 2022 — JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session. JFrog Artifactory versiones anteriores a 7.29.3 y 6.23.38, es vulnerable a Un Control de Acceso Roto, un usuario con poco privilegiado es capaz de borrar el token OAuth de otros usuarios conocidos, lo que forzará a una re-autenticación en una sesión activa o en la siguien... • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45074%3A+Artifactory+Broken+Access+Control+on+Delete+OAuth+Tokens • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2021-3860 – JFrog Artifactory SQL Injection
https://notcve.org/view.php?id=CVE-2021-3860
20 Dec 2021 — JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. JFrog Artifactory versiones anteriores a 7.25.4 (sólo en las implementaciones Enterprise+), es vulnerable a una inyección SQL ciega por parte de un usuario autenticado con pocos privilegios debido a una comprobación incompleta cuando se lleva a cabo una consulta SQL JFrog Artifactory versions prior to 7.25.4 suf... • https://packetstorm.news/files/id/177162 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0CVE-2019-17444 – JFrog Artifactory does not enforce default admin password change
https://notcve.org/view.php?id=CVE-2019-17444
12 Oct 2020 — Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0. Jfrog Artifactory usa contraseñas predeterminadas (tal y como "password") para las cuentas administrativas y no requiere que los usuarios las cambien. Esto puede permitir que atacantes basados ?? • https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes • CWE-521: Weak Password Requirements •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2164
https://notcve.org/view.php?id=CVE-2020-2164
25 Mar 2020 — Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. Jenkins Artifactory Plugin versiones 3.5.0 y anteriores, almacenan su contraseña no cifrada en el servidor de Artifactory en su archivo de configuración global en el maestro Jenkins, donde puede ser visualizado por usuarios con acceso al sistema de archivos maestro. • http://www.openwall.com/lists/oss-security/2020/03/25/2 • CWE-522: Insufficiently Protected Credentials •