Vulnerabilities > Jfrog > Artifactory > 5.3.2

DATE CVE VULNERABILITY TITLE RISK
2024-04-15 CVE-2024-3505 Unspecified vulnerability in Jfrog Artifactory
JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments.
network
low complexity
jfrog
4.3
2024-03-13 CVE-2024-2247 Unspecified vulnerability in Jfrog Artifactory
JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism.
network
low complexity
jfrog
6.1
2024-03-07 CVE-2023-42661 Unspecified vulnerability in Jfrog Artifactory
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user.
network
low complexity
jfrog
8.8
2022-05-23 CVE-2021-41834 Unspecified vulnerability in Jfrog Artifactory
JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation.
network
low complexity
jfrog
6.5
2020-10-12 CVE-2019-17444 Weak Password Requirements vulnerability in Jfrog Artifactory
Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them.
network
low complexity
jfrog CWE-521
critical
9.8
2020-03-16 CVE-2019-19937 Missing Authorization vulnerability in Jfrog Artifactory
In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."
network
low complexity
jfrog CWE-862
7.2
2020-01-23 CVE-2020-7931 Unspecified vulnerability in Jfrog Artifactory
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file.
network
low complexity
jfrog
8.8
2018-07-09 CVE-2018-1000623 Path Traversal vulnerability in Jfrog Artifactory
JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in The "Import Repository from Zip" feature, available through the Admin menu -> Import & Export -> Repositories, triggers a vulnerable UI REST endpoint (/ui/artifactimport/upload) that can result in Directory traversal / file overwrite and remote code execution.
network
low complexity
jfrog CWE-22
7.2