Known Vulnerabilities for Artifactory by Jfrog

Listed below are 10 of the newest known vulnerabilities associated with the software "Artifactory" by "Jfrog".

These CVEs are retrieved based on exact matches on listed software and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed, based on information from known CPEs.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-0573 | JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to Do... | 8.8 - HIGH | 2022-05-16 | 2022-05-16 |
| CVE-2021-46270 | JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all avail... | 2.7 - LOW | 2022-03-02 | 2022-03-02 |
| CVE-2021-45074 | JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete ... | 4.3 - MEDIUM | 2022-03-02 | 2022-03-02 |
| CVE-2021-3860 | JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged auth... | 8.8 - HIGH | 2021-12-20 | 2022-01-03 |
| CVE-2020-7931 | In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying ... | 8.8 - HIGH | 2020-01-23 | 2020-01-30 |
| CVE-2020-2165 | Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins confi... | 7.5 - HIGH | 2020-03-25 | 2020-03-27 |
| CVE-2020-2164 | Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration f... | 6.5 - MEDIUM | 2020-03-25 | 2020-03-27 |
| CVE-2019-17444 | Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to chang... | 9.8 - CRITICAL | 2020-10-12 | 2020-10-20 |
| CVE-2019-10324 | A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleR... | 6.5 - MEDIUM | 2019-05-31 | 2019-06-03 |
| CVE-2019-10323 | A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowe... | 4.3 - MEDIUM | 2019-05-31 | 2020-10-01 |

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language


CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site.