Known Vulnerabilities for products from Jfrog
Listed below are 17 of the newest known vulnerabilities associated with the vendor "Jfrog".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-0573 | JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to Do... | Not Provided | 2022-05-16 | 2022-05-16 |
| CVE-2021-46270 | JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all avail... | 2.7 - LOW | 2022-03-02 | 2022-03-02 |
| CVE-2021-45074 | JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete ... | 5.4 - MEDIUM | 2022-03-02 | 2022-03-02 |
| CVE-2021-3860 | JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged auth... | 8.8 - HIGH | 2021-12-20 | 2022-01-03 |
| CVE-2020-7931 | In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying ... | 8.8 - HIGH | 2020-01-23 | 2020-01-30 |
| CVE-2020-2165 | Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins confi... | 7.5 - HIGH | 2020-03-25 | 2020-03-27 |
| CVE-2020-2164 | Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration f... | 6.5 - MEDIUM | 2020-03-25 | 2020-03-27 |
| CVE-2019-19937 | In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the... | 7.2 - HIGH | 2020-03-16 | 2021-07-21 |
| CVE-2019-17444 | Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to chang... | 9.8 - CRITICAL | 2020-10-12 | 2020-10-20 |
| CVE-2019-10324 | A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleR... | 6.5 - MEDIUM | 2019-05-31 | 2019-06-03 |
| CVE-2019-10323 | A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowe... | 4.3 - MEDIUM | 2019-05-31 | 2020-10-01 |
| CVE-2019-10322 | A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnect... | 4.3 - MEDIUM | 2019-05-31 | 2020-10-01 |
| CVE-2019-10321 | A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorIm... | 4.3 - MEDIUM | 2019-05-31 | 2019-06-05 |
| CVE-2019-9733 | An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the... | 9.8 - CRITICAL | 2019-04-11 | 2020-08-24 |
| CVE-2018-1000623 | JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in T... | 7.2 - HIGH | 2018-07-09 | 2018-09-11 |
| CVE-2018-1000424 | An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryB... | 7.8 - HIGH | 2019-01-09 | 2020-08-24 |
| CVE-2018-1000206 | JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can ... | 8.8 - HIGH | 2018-07-13 | 2019-06-03 |
| CVE-2018-19971 | JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. | 9.8 - CRITICAL | 2019-04-16 | 2020-08-24 |
| CVE-2016-10036 | Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) ... | 9.8 - CRITICAL | 2018-05-01 | 2018-06-13 |
| CVE-2016-6501 | JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serializ... | 9.8 - CRITICAL | 2016-12-09 | 2016-12-15 |
Known software with vulnerabilities from Jfrog
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Jfrog | Artifactory | 1.0 |
Popular searches for "Jfrog"
JFrog - Universal Artifact Management for DevOps Acceleration
jfrog.comA =JFrog - Universal Artifact Management for DevOps Acceleration Share build artifacts & dependencies from development to production with a complete DevOps Platform, including artifact management, pipeline security & software distribution.
www.jfrog.org www.jfrog.org/sites/artifactory/latest www.jfrog.org/products.php leap.jfrog.com/WN2017-ImplementingaSingleSourceofTruthinaHybridCloudWorld_RegistrationPage.html blog.bintray.com/category/new-features blog.bintray.com/tag/bintray DevOps Artifact (software development) Computing platform Software Cloud computing Web browser HTML5 video Software distribution CI/CD Management High availability Computer security software Regulatory compliance Automation End-to-end principle Coupling (computer programming) Pipeline (computing) Artifact (video game) Software development Customer
JFrog - Crunchbase Company Profile & Funding
www.crunchbase.com/organization/jfrog-ltdFrog - Crunchbase Company Profile & Funding Frog O M K provides software developers with a binary repository management solution.
Crunchbase Solution Programmer Binary file Software Software repository Software development DevOps Nasdaq Repository (version control) Social networking service Email Software release life cycle Management Tag (metadata) Technical standard Software distribution Binary code FROG Library (computing)