Vulnerabilities in JFrog

21 results
CVE ID | Severity | Description | EPSS
CVE-2019-17444 | CRITICAL | JFrog Artifactory does not enforce default admin password change | 69.4%
CVE-2022-0573 | HIGH | JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Es | 1.9%
CVE-2021-3860 | HIGH | JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user | 1.0%
CVE-2023-42661 | HIGH | JFrog Artifactory Improper input validation leads to arbitrary file write | 0.9%
CVE-2021-46687 | MEDIUM | JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. | 0.7%
CVE-2024-4142 | CRITICAL | JFrog Artifactory Improper input validation within token creation flow | 0.7%
CVE-2022-0668 | MEDIUM | JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted r | 0.6%
CVE-2021-46270 | LOW | JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository | 0.6%
CVE-2021-45074 | MEDIUM | JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known use | 0.6%
CVE-2024-6915 | CRITICAL | JFrog Artifactory Cache Poisoning | 0.6%
CVE-2021-41834 | MEDIUM | JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-p | 0.5%
CVE-2024-2247 | HIGH | JFrog Artifactory Cross-Site Scripting | 0.5%
CVE-2021-45730 | MEDIUM | JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Reposito | 0.5%
CVE-2021-45721 | MEDIUM | JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameter | 0.5%
CVE-2023-42662 | CRITICAL | JFrog Artifactory Improper SSO Mechanism may lead to Exposure of Access Tokens | 0.5%
CVE-2023-42509 | MEDIUM | JFrog Artifactory Sensitive Data Leakage in Repository configuration process | 0.4%
CVE-2024-3505 | MEDIUM | JFrog Self-Hosted Artifactory Proxy configuration accessible to low-privilege users | 0.4%
CVE-2023-42508 | MEDIUM | JFrog Artifactory Improper header input validation leads to email manipulation sent from the platform | 0.4%
CVE-2021-23163 | LOW | JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF (Cross-Site Request Forgery) for specific endpoints. This issu | 0.3%
CVE-2024-2248 | MEDIUM | JFrog Artifactory Header Injection | 0.3%