Vulnerabilities > CVE-2019-10322 - Missing Authorization vulnerability in Jfrog Artifactory

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
jfrog
CWE-862

Summary

A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Vulnerable Configurations

Part Description Count
Application
Jfrog
97

Common Weakness Enumeration (CWE)

Talos

idTALOS-2019-0787
last seen2019-06-10
published2019-06-04
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0787
titleJenkins Artifactory Plugin information disclosure vulnerability