PT-2022-11491 · Jfrog · Jfrog Artifactory

Published

2022-05-23

Updated

2024-03-06

CVE-2021-41834

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions JFrog Artifactory versions prior to 7.28.0 JFrog Artifactory versions prior to 6.23.38

Description The issue is related to Broken Access Control, where the copy functionality can be exploited by a low-privileged user to read and copy any artifact in the Artifactory deployment due to improper permissions validation.

Recommendations For versions prior to 7.28.0, update to version 7.28.0 or later. For versions prior to 6.23.38, update to version 6.23.38 or later.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BIT-ARTIFACTORY-2021-41834

CVE-2021-41834

Affected Products

Jfrog Artifactory

PT-2022-11491 · Jfrog · Jfrog Artifactory

CVE-2021-41834

Weakness Enumeration

Related Identifiers

Affected Products

References · 6