Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jfrog vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-10324
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and previous versions in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed malicious users to schedule a release ...
Jfrog Artifactory
8.8
CVSSv3
CVE-2018-1000206
JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an malicious user to perform actions as logged in user. This attack appear to be exploitable via The victim must run...
Jfrog Artifactory
7.8
CVSSv3
CVE-2018-1000424
An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and previous versions in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin befor...
Jfrog Artifactory
6.1
CVSSv3
CVE-2021-45721
JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions prior to 7.36.1 versions prior to 7.29....
Jfrog Artifactory
7.2
CVSSv3
CVE-2019-19937
In JFrog Artifactory prior to 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."
Jfrog Artifactory
6.5
CVSSv3
CVE-2020-2164
Jenkins Artifactory Plugin 3.5.0 and previous versions stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
Jfrog Artifactory
4.9
CVSSv3
CVE-2021-46687
JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions prior to 7.31.10 versions prior to 7.x; JFrog Artifactory versions pr...
Jfrog Artifactory
4.9
CVSSv3
CVE-2021-45730
JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators.
Jfrog Artifactory
9.8
CVSSv3
CVE-2022-0668
JFrog Artifactory before 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.
Jfrog Artifactory
8.8
CVSSv3
CVE-2020-7931
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper...
Jfrog Artifactory
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »