CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-45721
https://notcve.org/view.php?id=CVE-2021-45721
JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory versions before 6.23.41 versions prior to 6.23.38. JFrog Artifactory versiones anteriores a 7.29.8 y 6.23.38 es vulnerable a un ataque de tipo Cross-Site Scripting (XSS) Reflejado mediante uno de los parámetros XHR en el endpoint de la API REST de los usuarios. Este problema afecta a: JFrog JFrog Artifactory versiones anteriores a 7.36.1 versiones anteriores a 7.29.8; JFrog Artifactory versiones anteriores a 6.23.41 versiones anteriores a 6.23.38 • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45721%3A+Cross-Site+Script+%28XSS%29+on+User+REST+API https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41834
https://notcve.org/view.php?id=CVE-2021-41834
JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation. JFrog Artifactory versiones anteriores a 7.28.0 y 6.23.38, es vulnerable a un Control de Acceso Roto, la funcionalidad copy puede ser usada por un usuario poco privilegiado para leer y copiar cualquier artefacto que se presente en el despliegue de Artifactory debido a una comprobación de permisos inapropiada • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-41834%3A+Artifactory+Broken+Access+Control+on+Copy+Artifact • CWE-284: Improper Access Control •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-45730
https://notcve.org/view.php?id=CVE-2021-45730
JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators. JFrog Artifactory versiones anteriores a 7.31.10, es vulnerable a un control de acceso roto donde un administrador de proyecto es capaz de crear, editar y eliminar diseños de repositorio mientras que la configuración de los diseños de repositorio sólo debería estar disponible para los administradores de plataforma • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45730%3A+Artifactory+Broken+Access+Control+on+Repository+Layouts+Configuration • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-0573
https://notcve.org/view.php?id=CVE-2022-0573
JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object. JFrog Artifactory versiones anteriores a 7.36.1 y 6.23.41, es vulnerable a una Deserialización no Segura de datos no confiables que puede conllevar a DoS, Escalada de Privilegios y Ejecución de Código Remota cuando una petición especialmente diseñada es enviada por un usuario autenticado con pocos privilegios debido a una insuficiente comprobación de un objeto serializado proporcionado por el usuario • https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0573%3A+Artifactory+Vulnerable+to+Deserialization+of+Untrusted+Data https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-46270
https://notcve.org/view.php?id=CVE-2021-46270
JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation. JFrog Artifactory versiones anteriores a 7.31.10, es vulnerable a un Control de Acceso Roto, donde un usuario administrador del proyecto es capaz de listar todos los nombres de repositorios disponibles debido a una comprobación de permisos insuficiente • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46270%3A+Artifactory+Project+Admin+Repository+Name+Disclosure https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories • CWE-284: Improper Access Control •