PT-2018-9476 · Jfrog · Jfrog Artifactory

Published 2018-07-09 · Updated 2018-09-11 · CVE-2018-1000623

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
JFrog Artifactory versions prior to 6.0.3

Description
The issue is a Directory Traversal vulnerability in the "Import Repository from Zip" feature, reachable through the Admin menu -> Import & Export -> Repositories. The feature calls a vulnerable UI REST endpoint (/ui/artifactimport/upload) whose archive extraction can lead to directory traversal, file overwrite, and remote code execution. An attacker with Admin privileges may use the publicly known "Zip Slip" technique to add or overwrite files outside the target directory.

Recommendations
For versions prior to 6.0.3, update to version 6.0.3 or later to resolve the issue. As a temporary workaround, restrict access to the "Import Repository from Zip" feature and the /ui/artifactimport/upload endpoint to minimize the risk of exploitation.
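The root cause described above is archive extraction that trusts entry names. The following Python example, added here and not part of the advisory or of JFrog's code, shows the defensive check an importer needs: every entry name is joined to the extraction root, canonicalised, and rejected if it resolves outside that root, so both "../" entries and absolute-path entries are caught before anything is written. The archives are constructed inline for illustration; the file names and paths in them are made-up sample values.

```python
import io
import os
import tempfile
import zipfile


def audit_zip(zip_bytes: bytes, dest_dir: str) -> dict:
    """Classify each archive entry as 'safe' or 'unsafe' relative to dest_dir.

    The check is done on the canonical (realpath) form of the joined path, so
    "../" components and absolute entry names are both detected.  Entries that
    escape the extraction root are the Zip Slip pattern.
    """
    dest_root = os.path.realpath(dest_dir)
    verdict = {"safe": [], "unsafe": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # os.path.join discards dest_root if the entry name is absolute,
            # which is exactly why the result must be re-checked against root.
            target = os.path.realpath(os.path.join(dest_root, info.filename))
            if os.path.commonpath([dest_root, target]) != dest_root:
                verdict["unsafe"].append(info.filename)
            else:
                verdict["safe"].append(info.filename)
    return verdict


def safe_extract(zip_bytes: bytes, dest_dir: str) -> list:
    """Extract zip_bytes into dest_dir, failing closed on any traversal entry.

    Raises ValueError before writing anything if the archive contains an entry
    that escapes dest_dir, so a malicious import cannot partially land on disk.
    Returns the list of files written, relative to the extraction root.
    """
    verdict = audit_zip(zip_bytes, dest_dir)
    if verdict["unsafe"]:
        raise ValueError("archive entries escape target dir: %r" % verdict["unsafe"])
    dest_root = os.path.realpath(dest_dir)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.realpath(os.path.join(dest_root, info.filename))
            os.makedirs(os.path.dirname(target), exist_ok=True)
            # Content is copied as a regular file; symlink entries are never
            # materialised as links, so they cannot redirect later writes.
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.relpath(target, dest_root))
    return written


def build_malicious_zip() -> bytes:
    """Constructed sample: one benign entry plus two Zip Slip style entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("repo/libs/app.jar", b"benign payload")
        zf.writestr("../../outside.txt", b"escapes via dot-dot")
        zf.writestr("/etc/outside.conf", b"escapes via absolute path")
    return buf.getvalue()


def build_clean_zip() -> bytes:
    """Constructed sample: a well-formed repository export with no traversal."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("repo/libs/app.jar", b"benign payload")
        zf.writestr("repo/README.txt", b"ok")
    return buf.getvalue()


def demo() -> dict:
    """Run the audit and extraction against both constructed archives."""
    dest = tempfile.mkdtemp(prefix="import-target-")
    verdict = audit_zip(build_malicious_zip(), dest)
    try:
        safe_extract(build_malicious_zip(), dest)
        rejected = False
    except ValueError:
        rejected = True
    written = safe_extract(build_clean_zip(), dest)
    return {
        "unsafe": sorted(verdict["unsafe"]),
        "rejected": rejected,
        "written": sorted(written),
    }


if __name__ == "__main__":
    print(demo())
```

The same audit is useful on the detection side: running audit_zip over archives already submitted to an import endpoint, or over a feed of uploaded artifacts, turns any entry in the "unsafe" list into a concrete indicator of a traversal attempt worth alerting on.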

Fix

RCE

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2018-1000623

Affected Products

Jfrog Artifactory