NotCVE - vendor:"JFrog" product:"Artifactory" version:" >= 7.17.4

Page 4 of 18 results (0.003 seconds)

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-46270

https://notcve.org/view.php?id=CVE-2021-46270

JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation. JFrog Artifactory versiones anteriores a 7.31.10, es vulnerable a un Control de Acceso Roto, donde un usuario administrador del proyecto es capaz de listar todos los nombres de repositorios disponibles debido a una comprobación de permisos insuficiente • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46270%3A+Artifactory+Project+Admin+Repository+Name+Disclosure https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories • CWE-284: Improper Access Control •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-45074

https://notcve.org/view.php?id=CVE-2021-45074

JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session. JFrog Artifactory versiones anteriores a 7.29.3 y 6.23.38, es vulnerable a Un Control de Acceso Roto, un usuario con poco privilegiado es capaz de borrar el token OAuth de otros usuarios conocidos, lo que forzará a una re-autenticación en una sesión activa o en la siguiente sesión de la UI • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45074%3A+Artifactory+Broken+Access+Control+on+Delete+OAuth+Tokens https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories • CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2021-3860 – JFrog Artifactory SQL Injection

https://notcve.org/view.php?id=CVE-2021-3860

JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. JFrog Artifactory versiones anteriores a 7.25.4 (sólo en las implementaciones Enterprise+), es vulnerable a una inyección SQL ciega por parte de un usuario autenticado con pocos privilegios debido a una comprobación incompleta cuando se lleva a cabo una consulta SQL JFrog Artifactory versions prior to 7.25.4 suffer from a remote blind SQL injection vulnerability. • http://packetstormsecurity.com/files/177162/JFrog-Artifactory-SQL-Injection.html https://www.jfrog.com/confluence/display/JFROG/CVE-2021-3860%3A+Artifactory+Low+Privileged+Blind+SQL+Injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

1 2 3 4