Vulnerabilities > Jfrog > Artifactory > 3.1.1

DATE CVE VULNERABILITY TITLE RISK
2019-05-31 CVE-2019-10323 Missing Authorization vulnerability in Jfrog Artifactory
A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
network
low complexity
jfrog CWE-862
4.3
4.3
2019-05-31 CVE-2019-10322 Missing Authorization vulnerability in Jfrog Artifactory
A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jfrog CWE-862
4.3
4.3
2019-05-31 CVE-2019-10321 Cross-Site Request Forgery (CSRF) vulnerability in Jfrog Artifactory
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jfrog CWE-352
4.3
4.3
2018-05-01 CVE-2016-10036 Unrestricted Upload of File with Dangerous Type vulnerability in Jfrog Artifactory
Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file.
network
low complexity
jfrog CWE-434
critical
 9.8
9.8
2016-12-09 CVE-2016-6501 Improper Input Validation vulnerability in Jfrog Artifactory
JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.
network
low complexity
jfrog CWE-20
critical
 9.8
9.8