CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0668
https://notcve.org/view.php?id=CVE-2022-0668
JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user. JFrog Artifactory anterior a 7.37.13 es vulnerable a la omisión de autenticación, lo que puede provocar una escalada de privilegios cuando un usuario no autenticado envía una solicitud especialmente manipulada. • https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0668%3A+Artifactory+Authentication+Bypass • CWE-269: Improper Privilege Management CWE-274: Improper Handling of Insufficient Privileges •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-23163
https://notcve.org/view.php?id=CVE-2021-23163
JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.33.6 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x. JFrog Artifactory versiones anteriores a 7.33.6 y 6.23.38, es vulnerable a un ataque de tipo CSRF ( Cross-Site Request Forgery) para endpoints específicos. Este problema afecta a: JFrog JFrog Artifactory JFrog versiones anteriores a 7.33.6 versiones anteriores a 7.x; JFrog Artifactory versiones anteriores a 6.23.38 versiones anteriores a 6.x • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-23163%3A++Cross-Site+Request+Forgery+on+REST+using+Basic+Auth https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-46687
https://notcve.org/view.php?id=CVE-2021-46687
JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x. JFrog Artifactory versiones anteriores a 7.31.10 y 6.23.38 es vulnerable a una Exposición de Datos Confiables mediante la API REST del administrador del proyecto. Este problema afecta a: JFrog JFrog Artifactory versiones anteriores a 7.31.10 versiones anteriores a 7.x; JFrog Artifactory versiones anteriores a 6.23.38 versiones anteriores a 6.x • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-45721
https://notcve.org/view.php?id=CVE-2021-45721
JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory versions before 6.23.41 versions prior to 6.23.38. JFrog Artifactory versiones anteriores a 7.29.8 y 6.23.38 es vulnerable a un ataque de tipo Cross-Site Scripting (XSS) Reflejado mediante uno de los parámetros XHR en el endpoint de la API REST de los usuarios. Este problema afecta a: JFrog JFrog Artifactory versiones anteriores a 7.36.1 versiones anteriores a 7.29.8; JFrog Artifactory versiones anteriores a 6.23.41 versiones anteriores a 6.23.38 • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45721%3A+Cross-Site+Script+%28XSS%29+on+User+REST+API https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41834
https://notcve.org/view.php?id=CVE-2021-41834
JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation. JFrog Artifactory versiones anteriores a 7.28.0 y 6.23.38, es vulnerable a un Control de Acceso Roto, la funcionalidad copy puede ser usada por un usuario poco privilegiado para leer y copiar cualquier artefacto que se presente en el despliegue de Artifactory debido a una comprobación de permisos inapropiada • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-41834%3A+Artifactory+Broken+Access+Control+on+Copy+Artifact • CWE-284: Improper Access Control •