Known Vulnerabilities for products from Jfrog
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Jfrog".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-42508 | JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which ca... | 6.5 - MEDIUM | 2023-10-03 | 2023-10-05 |
| CVE-2022-0668 | JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a spec... | 9.8 - CRITICAL | 2023-01-08 | 2023-01-12 |
| CVE-2022-0573 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-05-16 | 2022-05-25 |
| CVE-2021-46687 | JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administr... | 4.9 - MEDIUM | 2022-07-06 | 2022-07-13 |
| CVE-2021-46270 | JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all avail... | 2.7 - LOW | 2022-03-02 | 2023-06-26 |
| CVE-2021-45730 | JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and ... | 4.9 - MEDIUM | 2022-05-19 | 2022-08-09 |
| CVE-2021-45721 | JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of th... | 6.1 - MEDIUM | 2022-07-06 | 2022-07-13 |
| CVE-2021-45074 | JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete ... | 5.4 - MEDIUM | 2022-03-02 | 2022-08-09 |
| CVE-2021-41834 | JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be ... | 6.5 - MEDIUM | 2022-05-23 | 2022-08-09 |
| CVE-2021-23163 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-07-06 | 2022-07-13 |
| CVE-2021-3860 | JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged auth... | 8.8 - HIGH | 2021-12-20 | 2022-01-03 |
| CVE-2020-7931 | In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying ... | 8.8 - HIGH | 2020-01-23 | 2020-01-30 |
| CVE-2020-2165 | Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins confi... | 7.5 - HIGH | 2020-03-25 | 2023-10-25 |
| CVE-2020-2164 | Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration f... | 6.5 - MEDIUM | 2020-03-25 | 2023-10-25 |
| CVE-2019-19937 | In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the... | 7.2 - HIGH | 2020-03-16 | 2021-07-21 |
| CVE-2019-17444 | Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to chang... | 9.8 - CRITICAL | 2020-10-12 | 2020-10-20 |
| CVE-2019-10324 | A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleR... | 6.5 - MEDIUM | 2019-05-31 | 2023-10-25 |
| CVE-2019-10323 | A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowe... | 4.3 - MEDIUM | 2019-05-31 | 2023-10-25 |
| CVE-2019-10322 | A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnect... | 4.3 - MEDIUM | 2019-05-31 | 2023-10-25 |
| CVE-2019-10321 | A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorIm... | 4.3 - MEDIUM | 2019-05-31 | 2023-10-25 |
Known software with vulnerabilities from Jfrog
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Jfrog | Artifactory | 1.0 |