WEB APPLICATION VULNERABILITIES Standard & Premium

Artifactory Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-41834)

Description

JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation.

Remediation

References

Related Vulnerabilities

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17307)

Jboss EAP Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-7561)

Apache 2.x version older than 2.0.61

PHP Resource Management Errors Vulnerability (CVE-2014-3538)

MySQL CVE-2016-0644 Vulnerability (CVE-2016-0644)

Severity

Medium

Classification

CVE-2021-41834 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities