Vulmon
artifactory vulnerabilities and exploits
4.3
CVSSv3
CVE-2019-10322
A missing permission check in Jenkins Artifactory Plugin 3.2.2 and previous versions in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through anot...
Jfrog Artifactory
8.8
CVSSv3
CVE-2021-3860
JFrog Artifactory prior to 7.25.4 (Enterprise+ deployments only) is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query.
Jfrog Artifactory
7.2
CVSSv3
CVE-2019-19937
In JFrog Artifactory prior to 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."
Jfrog Artifactory
6.5
CVSSv3
CVE-2023-42508
JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body.
Jfrog Artifactory
9.8
CVSSv3
CVE-2022-0668
JFrog Artifactory before 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.
Jfrog Artifactory
9.8
CVSSv3
CVE-2019-17444
Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based malicious users to completely compromise Jfrog Artifactory. This issue affects Jfrog Artifac...
Jfrog Artifactory
6.1
CVSSv3
CVE-2021-45721
JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions prior to 7.36.1 versions prior to 7.29....
Jfrog Artifactory
4.9
CVSSv3
CVE-2021-46687
JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions prior to 7.31.10 versions prior to 7.x; JFrog Artifactory versions pr...
Jfrog Artifactory
2.7
CVSSv3
CVE-2021-46270
JFrog Artifactory prior to 7.31.10 is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.
Jfrog Artifactory
4.9
CVSSv3
CVE-2021-45730
JFrog Artifactory before 7.31.10 is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators.
Jfrog Artifactory