CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000424
https://notcve.org/view.php?id=CVE-2018-1000424
09 Jan 2019 — An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin. Existe una vulnerabilidad de credenciales protegidas de forma insuficiente en el plugin Jenkins Jenkins Artifactory, en versiones 2.16.1 y anteriores, en ArtifactoryBuilder.java y CredentialsConfig.jav... • http://www.securityfocus.com/bid/106532 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000206
https://notcve.org/view.php?id=CVE-2018-1000206
13 Jul 2018 — JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1. JFrog Artifactory desde la versión 5.11 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) en los endpoints de la interfaz de usuari... • https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000623
https://notcve.org/view.php?id=CVE-2018-1000623
09 Jul 2018 — JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in The "Import Repository from Zip" feature, available through the Admin menu -> Import & Export -> Repositories, triggers a vulnerable UI REST endpoint (/ui/artifactimport/upload) that can result in Directory traversal / file overwrite and remote code execution. This attack appear to be exploitable via An attacker with Admin privileges may use the aforementioned UI endpoint and exploit t... • https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory6.0.3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 3CVE-2016-10036 – Jfrog Artifactory < 4.16 - Arbitrary File Upload / Remote Command Execution
https://notcve.org/view.php?id=CVE-2016-10036
26 Apr 2018 — Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file. Vulnerabilidad de subida de archivos sin restricción en ui/artifact/upload en JFrog Artifactory, en versiones anteriores a la 4.16, permite que atacantes remotos (1) desplieguen una aplicación del s... • https://packetstorm.news/files/id/147378 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6501
https://notcve.org/view.php?id=CVE-2016-6501
09 Dec 2016 — JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning. JFrog Artifactory en versiones anteriores a 4.11 permite a atacantes remotos ejecutar código arbitrario a través de un atributo LDAP con un objeto Java serializado manipulado, también conocido como envenenamiento de entrada LDAP. • http://www.securityfocus.com/bid/94855 • CWE-20: Improper Input Validation •