Description
JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation.
Remediation
References
Related Vulnerabilities
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3835)
WordPress Plugin Coupon Tab for DirectoryPress Multiple Cross-Site Scripting Vulnerabilities (0.2.0)
PHP NULL Pointer Dereference Vulnerability (CVE-2018-14884)
Oracle Database Server CVE-2023-21949 Vulnerability (CVE-2023-21949)