CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000206
https://notcve.org/view.php?id=CVE-2018-1000206
JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1. JFrog Artifactory desde la versión 5.11 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) en los endpoints de la interfaz de usuario rest que puede resultar en un ataque clásico de Cross-Site Request Forgery (CSRF) que permite a un atacante realizar acciones como usuario que ha iniciado sesión. El ataque parece ser explotable si una víctima ejecuta un componente flash maliciosamente manipulado. • https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash https://www.jfrog.com/jira/browse/RTFACT-17004 https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19581 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000623
https://notcve.org/view.php?id=CVE-2018-1000623
JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in The "Import Repository from Zip" feature, available through the Admin menu -> Import & Export -> Repositories, triggers a vulnerable UI REST endpoint (/ui/artifactimport/upload) that can result in Directory traversal / file overwrite and remote code execution. This attack appear to be exploitable via An attacker with Admin privileges may use the aforementioned UI endpoint and exploit the publicly known "Zip Slip" vulnerability, to add/overwrite files outside the target directory. This vulnerability appears to have been fixed in 6.0.3. JFrog JFrog Artifactory en versiones anteriores a la 6.0.3 y desde la versión 4.0.0 contiene una vulnerabilidad de salto de directorio en la característica "Import Repository from Zip", disponible mediante el menú Admin -> Import Export -> Repositories, que desencadena un endpoint UI REST vulnerable (/ui/artifactimport/upload) que puede resultar en un salto de directorio/sobrescritura de archivos y la ejecución remota de código. Un atacante con privilegios de administrador podría utilizar el endpoint UI mencionado anteriormente y explotar la vulnerabilidad públicamente conocida como "Zip Slip" para agregar o sobrescribir archivos fuera del directorio objetivo. • https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory6.0.3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 11%CPEs: 1EXPL: 2CVE-2016-10036 – Jfrog Artifactory < 4.16 - Arbitrary File Upload / Remote Command Execution
https://notcve.org/view.php?id=CVE-2016-10036
Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file. Vulnerabilidad de subida de archivos sin restricción en ui/artifact/upload en JFrog Artifactory, en versiones anteriores a la 4.16, permite que atacantes remotos (1) desplieguen una aplicación del servlet arbitraria y ejecuten código arbitrario mediante la subida de un archivo war o (2) puedan escribir en archivos arbitrarios y provoquen una denegación de servicio (DoS) mediante la subida de un archivo HTML. Jfrog Artifactory versions prior to 4.16 suffer from unauthenticated arbitrary file upload and remote command execution vulnerabilities. • https://www.exploit-db.com/exploits/44543 http://packetstormsecurity.com/files/147378/Jfrog-Artifactory-Code-Execution-Shell-Upload.html https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory4.16 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2016-6501
https://notcve.org/view.php?id=CVE-2016-6501
JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning. JFrog Artifactory en versiones anteriores a 4.11 permite a atacantes remotos ejecutar código arbitrario a través de un atributo LDAP con un objeto Java serializado manipulado, también conocido como envenenamiento de entrada LDAP. • http://www.securityfocus.com/bid/94855 https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-MainUpdates.7 • CWE-20: Improper Input Validation •