Known Vulnerabilities for Artifactory by Jfrog

Listed below are 10 of the newest known vulnerabilities associated with the software "Artifactory" by "Jfrog".

These CVEs are retrieved based on exact matches on listed software and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed, based on information from known CPEs.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-7931 | In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying ... | 8.8 - HIGH | 2020-01-23 | 2020-01-30 |
| CVE-2020-2165 | Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins confi... | 7.5 - HIGH | 2020-03-25 | 2020-03-27 |
| CVE-2020-2164 | Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration f... | 6.5 - MEDIUM | 2020-03-25 | 2020-03-27 |
| CVE-2019-19937 | In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the... | 7.2 - HIGH | 2020-03-16 | 2021-07-21 |
| CVE-2019-17444 | Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to chang... | 9.8 - CRITICAL | 2020-10-12 | 2020-10-20 |
| CVE-2019-10324 | A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleR... | 6.5 - MEDIUM | 2019-05-31 | 2019-06-03 |
| CVE-2019-10323 | A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowe... | 4.3 - MEDIUM | 2019-05-31 | 2020-10-01 |
| CVE-2019-10322 | A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnect... | 4.3 - MEDIUM | 2019-05-31 | 2020-10-01 |
| CVE-2019-10321 | A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorIm... | 4.3 - MEDIUM | 2019-05-31 | 2019-06-05 |
| CVE-2019-9733 | An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the... | 9.8 - CRITICAL | 2019-04-11 | 2020-08-24 |

Known Affected Configurations (CPE V2.3)

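| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Jfrog | Artifactory | 6.9.6 | All | All | All |
| Application | Jfrog | Artifactory | 6.9.5 | All | All | All |
| Application | Jfrog | Artifactory | 6.9.4 | All | All | All |
| Application | Jfrog | Artifactory | 6.9.3 | All | All | All |
| Application | Jfrog | Artifactory | 6.9.2 | All | All | All |
| Application | Jfrog | Artifactory | 6.9.1 | All | All | All |
| Application | Jfrog | Artifactory | 6.9.0 | All | All | All |
| Application | Jfrog | Artifactory | 6.8.9 | All | All | All |
| Application | Jfrog | Artifactory | 6.8.7 | All | All | All |
| Application | Jfrog | Artifactory | 6.8.6 | All | All | All |
| Application | Jfrog | Artifactory | 6.8.4 | All | All | All |
| Application | Jfrog | Artifactory | 6.8.3 | All | All | All |
| Application | Jfrog | Artifactory | 6.8.2 | All | All | All |
| Application | Jfrog | Artifactory | 6.8.17 | All | All | All |
| Application | Jfrog | Artifactory | 6.8.16 | All | All | All |
| Application | Jfrog | Artifactory | 6.8.15 | All | All | All |
| Application | Jfrog | Artifactory | 6.8.14 | All | All | All |
| Application | Jfrog | Artifactory | 6.8.12 | All | All | All |
| Application | Jfrog | Artifactory | 6.8.1 | All | All | All |
| Application | Jfrog | Artifactory | 6.8.0 | All | All | All |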


© CVE.report 2021

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation, and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
