Vulnerabilities > Jfrog > Artifactory > 7.29.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-03 | CVE-2023-42508 | Unspecified vulnerability in Jfrog Artifactory JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body. | 6.5 |
| 2023-01-08 | CVE-2022-0668 | Improper Privilege Management vulnerability in Jfrog Artifactory JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user. | 9.8 |
| 2022-07-06 | CVE-2021-23163 | Cross-Site Request Forgery (CSRF) vulnerability in Jfrog Artifactory JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. | 6.8 |
| 2022-07-06 | CVE-2021-46687 | Exposure of Resource to Wrong Sphere vulnerability in Jfrog Artifactory JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. | 6.8 |
| 2022-05-19 | CVE-2021-45730 | Unspecified vulnerability in Jfrog Artifactory JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators. | 4.0 |
| 2022-03-02 | CVE-2021-46270 | Unspecified vulnerability in Jfrog Artifactory JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation. | 2.7 |