Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
artifactory vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-2165
Jenkins Artifactory Plugin 3.6.0 and previous versions transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
Jfrog Artifactory
8.8
CVSSv3
CVE-2021-23163
JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions prior to 7.33.6 versions prior to 7.x; JFrog Artifactory versions prior to 6.2...
Jfrog Artifactory
6.5
CVSSv3
CVE-2020-2164
Jenkins Artifactory Plugin 3.5.0 and previous versions stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
Jfrog Artifactory
7.2
CVSSv3
CVE-2018-1000623
JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in The "Import Repository from Zip" feature, available through the Admin menu -> Import & Export -> Repositories, triggers a vulnerable UI ...
Jfrog Artifactory
7.8
CVSSv3
CVE-2018-1000424
An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and previous versions in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin befor...
Jfrog Artifactory
9.8
CVSSv3
CVE-2019-9733
An issue exists in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case an administrator gets locked out from the Artifactory console. This is only allowable from a connection directly from localhost, but providi...
Jfrog Artifactory 6.7.3
9.8
CVSSv3
CVE-2018-19971
JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.
Jfrog Artifactory 6.5.9
NA
CVE-2024-4142
An Improper input validation vulnerability that could potentially lead to privilege escalation exists in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms...
NA
CVE-2024-2247
JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism.
NA
CVE-2024-3505
JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »