CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-6915 – JFrog Artifactory Cache Poisoning
https://notcve.org/view.php?id=CVE-2024-6915
05 Aug 2024 — JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning. • https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2248 – JFrog Artifactory Header Injection
https://notcve.org/view.php?id=CVE-2024-2248
15 May 2024 — A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user email. Una vulnerabilidad de inyección de encabezado en la plataforma JFrog en versiones inferiores a 7.85.0 (SaaS) y 7.84.7 (autohospedado) puede permitir que actores de amenazas se apoderen de la cuenta del usuario final al hacer clic en una URL especialmente manipulada ... • https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-4142 – JFrog Artifactory Improper input validation within token creation flow
https://notcve.org/view.php?id=CVE-2024-4142
01 May 2024 — An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with anonymous access enabled. Se descubrió en JFrog Artifactory una vulnerabilidad de validación de entrada incorrecta que podría conducir a una escalada de privilegios. Debido a esta vulnerabilidad, los usuarios con privi... • https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2247 – JFrog Artifactory Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-2247
13 Mar 2024 — JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism. Las versiones de JFrog Artifactory inferiores a 7.77.7 son vulnerables a Cross Site Scripting basadas en DOM debido a un manejo inadecuado del mecanismo de anulación de importación. • https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42661 – JFrog Artifactory Improper input validation leads to arbitrary file write
https://notcve.org/view.php?id=CVE-2023-42661
07 Mar 2024 — JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts. JFrog Artifactory anterior a la versión 7.76.2 es vulnerable a la escritura arbitraria de archivos de datos que no son de confianza, lo que puede provocar DoS o ejecución remota de código cuando un usuario autenticado envía una serie d... • https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41834
https://notcve.org/view.php?id=CVE-2021-41834
23 May 2022 — JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation. JFrog Artifactory versiones anteriores a 7.28.0 y 6.23.38, es vulnerable a un Control de Acceso Roto, la funcionalidad copy puede ser usada por un usuario poco privilegiado para leer y copiar cualquier artefacto que se presente en el despliegue ... • https://www.jfrog.com/confluence/display/JFROG/CVE-2021-41834%3A+Artifactory+Broken+Access+Control+on+Copy+Artifact • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2021-3860 – JFrog Artifactory SQL Injection
https://notcve.org/view.php?id=CVE-2021-3860
20 Dec 2021 — JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. JFrog Artifactory versiones anteriores a 7.25.4 (sólo en las implementaciones Enterprise+), es vulnerable a una inyección SQL ciega por parte de un usuario autenticado con pocos privilegios debido a una comprobación incompleta cuando se lleva a cabo una consulta SQL JFrog Artifactory versions prior to 7.25.4 suf... • https://packetstorm.news/files/id/177162 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0CVE-2019-17444 – JFrog Artifactory does not enforce default admin password change
https://notcve.org/view.php?id=CVE-2019-17444
12 Oct 2020 — Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0. Jfrog Artifactory usa contraseñas predeterminadas (tal y como "password") para las cuentas administrativas y no requiere que los usuarios las cambien. Esto puede permitir que atacantes basados ?? • https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes • CWE-521: Weak Password Requirements •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2164
https://notcve.org/view.php?id=CVE-2020-2164
25 Mar 2020 — Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. Jenkins Artifactory Plugin versiones 3.5.0 y anteriores, almacenan su contraseña no cifrada en el servidor de Artifactory en su archivo de configuración global en el maestro Jenkins, donde puede ser visualizado por usuarios con acceso al sistema de archivos maestro. • http://www.openwall.com/lists/oss-security/2020/03/25/2 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2165
https://notcve.org/view.php?id=CVE-2020-2165
25 Mar 2020 — Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Jenkins Artifactory Plugin versiones 3.6.0 y anteriores, transmiten contraseñas configuradas en texto plano como parte de su formulario de configuración global de Jenkins, resultando potencialmente en su exposición. • http://www.openwall.com/lists/oss-security/2020/03/25/2 • CWE-522: Insufficiently Protected Credentials •