Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
artifactory vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-0573
JFrog Artifactory prior to 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient val...
Jfrog Artifactory 7.35.0
Jfrog Artifactory
Jfrog Artifactory 7.36.0
9.8
CVSSv3
CVE-2016-10036
Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory prior to 4.16 allows remote malicious users to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a den...
Jfrog Artifactory
1 EDB exploit
5.4
CVSSv3
CVE-2021-45074
JFrog Artifactory prior to 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session.
Jfrog Artifactory
6.5
CVSSv3
CVE-2021-41834
JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation.
Jfrog Artifactory
8.8
CVSSv3
CVE-2020-7931
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper...
Jfrog Artifactory
1 Github repository
6.5
CVSSv3
CVE-2019-10324
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and previous versions in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed malicious users to schedule a release ...
Jfrog Artifactory
8.8
CVSSv3
CVE-2018-1000206
JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an malicious user to perform actions as logged in user. This attack appear to be exploitable via The victim must run...
Jfrog Artifactory
9.8
CVSSv3
CVE-2016-6501
JFrog Artifactory prior to 4.11 allows remote malicious users to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.
Jfrog Artifactory
4.3
CVSSv3
CVE-2019-10321
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and previous versions in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtai...
Jfrog Artifactory
4.3
CVSSv3
CVE-2019-10323
A missing permission check in Jenkins Artifactory Plugin 3.2.3 and previous versions in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Jfrog Artifactory
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »