Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jfrog artifactory vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-0573
JFrog Artifactory prior to 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient val...
Jfrog Artifactory 7.35.0
Jfrog Artifactory
Jfrog Artifactory 7.36.0
8.8
CVSSv3
CVE-2020-7931
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper...
Jfrog Artifactory
1 Github repository
7.2
CVSSv3
CVE-2018-1000623
JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in The "Import Repository from Zip" feature, available through the Admin menu -> Import & Export -> Repositories, triggers a vulnerable UI ...
Jfrog Artifactory
6.1
CVSSv3
CVE-2021-45721
JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions prior to 7.36.1 versions prior to 7.29....
Jfrog Artifactory
2.7
CVSSv3
CVE-2021-46270
JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.
Jfrog Artifactory
8.8
CVSSv3
CVE-2018-1000206
JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an malicious user to perform actions as logged in user. This attack appear to be exploitable via The victim must run...
Jfrog Artifactory
7.8
CVSSv3
CVE-2018-1000424
An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and previous versions in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin befor...
Jfrog Artifactory
4.9
CVSSv3
CVE-2021-46687
JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions prior to 7.31.10 versions prior to 7.x; JFrog Artifactory versions pr...
Jfrog Artifactory
4.3
CVSSv3
CVE-2019-10321
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and previous versions in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtai...
Jfrog Artifactory
4.3
CVSSv3
CVE-2019-10322
A missing permission check in Jenkins Artifactory Plugin 3.2.2 and previous versions in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through anot...
Jfrog Artifactory
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »