Vulnerabilities > Jfrog > Artifactory > 6.0.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-12 | CVE-2019-17444 | Weak Password Requirements vulnerability in Jfrog Artifactory Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. | 9.8 |
2020-03-16 | CVE-2019-19937 | Missing Authorization vulnerability in Jfrog Artifactory In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results." | 7.2 |
2020-01-23 | CVE-2020-7931 | Unspecified vulnerability in Jfrog Artifactory In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. | 8.8 |
2018-07-13 | CVE-2018-1000206 | Cross-Site Request Forgery (CSRF) vulnerability in Jfrog Artifactory JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. | 8.8 |
2018-07-09 | CVE-2018-1000623 | Path Traversal vulnerability in Jfrog Artifactory JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in The "Import Repository from Zip" feature, available through the Admin menu -> Import & Export -> Repositories, triggers a vulnerable UI REST endpoint (/ui/artifactimport/upload) that can result in Directory traversal / file overwrite and remote code execution. | 7.2 |