NotCVE - vendor:"Jfrog"

Page 3 of 35 results (0.000 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-23163

https://notcve.org/view.php?id=CVE-2021-23163

JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.33.6 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x. JFrog Artifactory versiones anteriores a 7.33.6 y 6.23.38, es vulnerable a un ataque de tipo CSRF ( Cross-Site Request Forgery) para endpoints específicos. Este problema afecta a: JFrog JFrog Artifactory JFrog versiones anteriores a 7.33.6 versiones anteriores a 7.x; JFrog Artifactory versiones anteriores a 6.23.38 versiones anteriores a 6.x • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-23163%3A++Cross-Site+Request+Forgery+on+REST+using+Basic+Auth https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-46687

https://notcve.org/view.php?id=CVE-2021-46687

JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x. JFrog Artifactory versiones anteriores a 7.31.10 y 6.23.38 es vulnerable a una Exposición de Datos Confiables mediante la API REST del administrador del proyecto. Este problema afecta a: JFrog JFrog Artifactory versiones anteriores a 7.31.10 versiones anteriores a 7.x; JFrog Artifactory versiones anteriores a 6.23.38 versiones anteriores a 6.x • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-45721

https://notcve.org/view.php?id=CVE-2021-45721

JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory versions before 6.23.41 versions prior to 6.23.38. JFrog Artifactory versiones anteriores a 7.29.8 y 6.23.38 es vulnerable a un ataque de tipo Cross-Site Scripting (XSS) Reflejado mediante uno de los parámetros XHR en el endpoint de la API REST de los usuarios. Este problema afecta a: JFrog JFrog Artifactory versiones anteriores a 7.36.1 versiones anteriores a 7.29.8; JFrog Artifactory versiones anteriores a 6.23.41 versiones anteriores a 6.23.38 • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45721%3A+Cross-Site+Script+%28XSS%29+on+User+REST+API https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-41834

https://notcve.org/view.php?id=CVE-2021-41834

JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation. JFrog Artifactory versiones anteriores a 7.28.0 y 6.23.38, es vulnerable a un Control de Acceso Roto, la funcionalidad copy puede ser usada por un usuario poco privilegiado para leer y copiar cualquier artefacto que se presente en el despliegue de Artifactory debido a una comprobación de permisos inapropiada • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-41834%3A+Artifactory+Broken+Access+Control+on+Copy+Artifact • CWE-284: Improper Access Control •

CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-45730

https://notcve.org/view.php?id=CVE-2021-45730

JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators. JFrog Artifactory versiones anteriores a 7.31.10, es vulnerable a un control de acceso roto donde un administrador de proyecto es capaz de crear, editar y eliminar diseños de repositorio mientras que la configuración de los diseños de repositorio sólo debería estar disponible para los administradores de plataforma • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45730%3A+Artifactory+Broken+Access+Control+on+Repository+Layouts+Configuration • CWE-284: Improper Access Control •

1 2 3 4 5