Known Vulnerabilities for products from Jfrog

Listed below are 17 of the newest known vulnerabilities associated with the vendor "Jfrog".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
| --- | --- | --- | --- | --- |
| CVE-2022-0573 | JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to Do... | Not Provided | 2022-05-16 | 2022-05-16 |
| CVE-2021-46270 | JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all avail... | 2.7 - LOW | 2022-03-02 | 2022-03-02 |
| CVE-2021-45074 | JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete ... | 5.4 - MEDIUM | 2022-03-02 | 2022-03-02 |
| CVE-2021-3860 | JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged auth... | 8.8 - HIGH | 2021-12-20 | 2022-01-03 |
| CVE-2020-7931 | In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying ... | 8.8 - HIGH | 2020-01-23 | 2020-01-30 |
| CVE-2020-2165 | Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins confi... | 7.5 - HIGH | 2020-03-25 | 2020-03-27 |
| CVE-2020-2164 | Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration f... | 6.5 - MEDIUM | 2020-03-25 | 2020-03-27 |
| CVE-2019-19937 | In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the... | 7.2 - HIGH | 2020-03-16 | 2021-07-21 |
| CVE-2019-17444 | Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to chang... | 9.8 - CRITICAL | 2020-10-12 | 2020-10-20 |
| CVE-2019-10324 | A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleR... | 6.5 - MEDIUM | 2019-05-31 | 2019-06-03 |
| CVE-2019-10323 | A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowe... | 4.3 - MEDIUM | 2019-05-31 | 2020-10-01 |
| CVE-2019-10322 | A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnect... | 4.3 - MEDIUM | 2019-05-31 | 2020-10-01 |
| CVE-2019-10321 | A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorIm... | 4.3 - MEDIUM | 2019-05-31 | 2019-06-05 |
| CVE-2019-9733 | An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the... | 9.8 - CRITICAL | 2019-04-11 | 2020-08-24 |
| CVE-2018-1000623 | JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in T... | 7.2 - HIGH | 2018-07-09 | 2018-09-11 |
| CVE-2018-1000424 | An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryB... | 7.8 - HIGH | 2019-01-09 | 2020-08-24 |
| CVE-2018-1000206 | JFrog Artifactory version since 5.11 contains a Cross Site Request Forgery (CSRF) vulnerability in UI rest endpoints that can ... | 8.8 - HIGH | 2018-07-13 | 2019-06-03 |
| CVE-2018-19971 | JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. | 9.8 - CRITICAL | 2019-04-16 | 2020-08-24 |
| CVE-2016-10036 | Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) ... | 9.8 - CRITICAL | 2018-05-01 | 2018-06-13 |
| CVE-2016-6501 | JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serializ... | 9.8 - CRITICAL | 2016-12-09 | 2016-12-15 |

Known software with vulnerabilities from Jfrog

Type Vendor Product Version
