Description
JFrog Artifactory versions prior to 7.28.0 and 6.23.38 are vulnerable to Broken Access Control. Because of improper permissions validation, a low-privileged user can use the copy functionality to read and copy any artifact that exists in the Artifactory deployment.
Remediation
References
Related Vulnerabilities
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33327)
Zope Web Application Server CVE-2011-3587 Vulnerability (CVE-2011-3587)
Skipper Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-38580)
WordPress Plugin Sina Extension for Elementor Multiple Cross-Site Scripting Vulnerabilities (3.3.11)