PT-2022-12300 · JFrog · JFrog Artifactory

Published: 2022-03-02 · Updated: 2024-03-06 · CVE-2021-45074

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

JFrog Artifactory versions prior to 7.29.3
JFrog Artifactory versions prior to 6.23.38

Description

The issue is related to Broken Access Control, where a low-privileged user can delete other known users' OAuth token. This action forces a reauthentication on an active session or in the next UI session.

Recommendations

For versions prior to 7.29.3, update to version 7.29.3 or later.
For versions prior to 6.23.38, update to version 6.23.38 or later.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BIT-ARTIFACTORY-2021-45074
CVE-2021-45074

Affected Products

JFrog Artifactory