Vulnerabilities > Jfrog > Artifactory > 7.21.20
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-15 | CVE-2024-3505 | Unspecified vulnerability in Jfrog Artifactory JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments. | 4.3 |
2024-03-13 | CVE-2024-2247 | Unspecified vulnerability in Jfrog Artifactory JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism. | 6.1 |
2024-03-07 | CVE-2023-42509 | Unspecified vulnerability in Jfrog Artifactory JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data. | 7.5 |
2024-03-07 | CVE-2023-42661 | Unspecified vulnerability in Jfrog Artifactory JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. | 8.8 |
2023-10-03 | CVE-2023-42508 | Unspecified vulnerability in Jfrog Artifactory JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body. | 6.5 |
2023-01-08 | CVE-2022-0668 | Improper Privilege Management vulnerability in Jfrog Artifactory JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user. | 9.8 |
2022-07-06 | CVE-2021-23163 | Cross-Site Request Forgery (CSRF) vulnerability in Jfrog Artifactory JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. | 8.8 |
2022-07-06 | CVE-2021-45721 | Cross-site Scripting vulnerability in Jfrog Artifactory JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. | 6.1 |
2022-07-06 | CVE-2021-46687 | Exposure of Resource to Wrong Sphere vulnerability in Jfrog Artifactory JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. | 4.9 |
2022-05-23 | CVE-2021-41834 | Unspecified vulnerability in Jfrog Artifactory JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation. | 6.5 |