Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
artifactory vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2022-0573
JFrog Artifactory prior to 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient val...
Jfrog Artifactory 7.35.0
Jfrog Artifactory
Jfrog Artifactory 7.36.0
6.5
CVSSv2
CVE-2020-7931
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper...
Jfrog Artifactory
1 Github repository
4.3
CVSSv2
CVE-2021-45721
JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions prior to 7.36.1 versions prior to 7.29....
Jfrog Artifactory
4
CVSSv2
CVE-2021-46270
JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.
Jfrog Artifactory
6.8
CVSSv2
CVE-2021-46687
JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions prior to 7.31.10 versions prior to 7.x; JFrog Artifactory versions pr...
Jfrog Artifactory
6.5
CVSSv2
CVE-2021-3860
JFrog Artifactory prior to 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query.
Jfrog Artifactory
6.8
CVSSv2
CVE-2021-23163
JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions prior to 7.33.6 versions prior to 7.x; JFrog Artifactory versions prior to 6.2...
Jfrog Artifactory
NA
CVE-2022-0668
JFrog Artifactory before 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.
Jfrog Artifactory
5.5
CVSSv2
CVE-2021-45074
JFrog Artifactory prior to 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session.
Jfrog Artifactory
4
CVSSv2
CVE-2021-45730
JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators.
Jfrog Artifactory
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »