Description

JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation.

Remediation

References

CVE-2021-41834

Related Vulnerabilities

MySQL CVE-2019-2627 Vulnerability (CVE-2019-2627)

WordPress Plugin WP DSGVO Tools (GDPR) Cross-Site Scripting (3.1.23)

Oracle JRE CVE-2020-2816 Vulnerability (CVE-2020-2816)

WordPress Plugin Multivendor Marketplace Solution for WooCommerce-WC Marketplace Unspecified Vulnerability (2.1.2)

WordPress Plugin Music Store Open Redirect (1.0.14)

Severity

Medium

Classification

CVE-2021-41834 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities