Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
artifactory vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-41834
JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation.
Jfrog Artifactory
6.8
CVSSv2
CVE-2021-23163
JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions prior to 7.33.6 versions prior to 7.x; JFrog Artifactory versions prior to 6.2...
Jfrog Artifactory
6.8
CVSSv2
CVE-2021-46687
JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions prior to 7.31.10 versions prior to 7.x; JFrog Artifactory versions pr...
Jfrog Artifactory
NA
CVE-2023-42508
JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body.
Jfrog Artifactory
4
CVSSv2
CVE-2020-2164
Jenkins Artifactory Plugin 3.5.0 and previous versions stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
Jfrog Artifactory
5
CVSSv2
CVE-2020-2165
Jenkins Artifactory Plugin 3.6.0 and previous versions transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
Jfrog Artifactory
NA
CVE-2022-0668
JFrog Artifactory before 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.
Jfrog Artifactory
6.8
CVSSv2
CVE-2018-1000206
JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an malicious user to perform actions as logged in user. This attack appear to be exploitable via The victim must run...
Jfrog Artifactory
2.1
CVSSv2
CVE-2018-1000424
An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and previous versions in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin befor...
Jfrog Artifactory
4
CVSSv2
CVE-2021-46270
JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.
Jfrog Artifactory
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »