Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jfrog vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2019-10321
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and previous versions in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtai...
Jfrog Artifactory
356
VMScore
CVE-2019-10322
A missing permission check in Jenkins Artifactory Plugin 3.2.2 and previous versions in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through anot...
Jfrog Artifactory
356
VMScore
CVE-2019-10323
A missing permission check in Jenkins Artifactory Plugin 3.2.3 and previous versions in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Jfrog Artifactory
383
VMScore
CVE-2019-10324
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and previous versions in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed malicious users to schedule a release ...
Jfrog Artifactory
578
VMScore
CVE-2021-3860
JFrog Artifactory prior to 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query.
Jfrog Artifactory
668
VMScore
CVE-2018-19971
JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.
Jfrog Artifactory 6.5.9
668
VMScore
CVE-2019-9733
An issue exists in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out from the Artifactory console. This is only allowable from a connection directly from localhost, but providi...
Jfrog Artifactory 6.7.3
NA
CVE-2024-3505
JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments.
NA
CVE-2024-2247
JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism.
NA
CVE-2023-42509
JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »