CRITICAL 9.8 CVE-2022-0668 JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted…
>= 6.0.0, < 6.23.41, >= 7.0.0, < 7.37.13
CRITICAL 9.3 CVE-2024-6915 JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Val…
from 0, < 7.55.18, >= 7.56.0, < 7.59.23, >= 7.60.0, < 7.63.22, >= 7.64.0, < 7.68.22, >= 7.69.0, < 7.71.23, >= 7.72.0, < 7.77.14, >= 7.78.0, < 7.84.20, >= 7.85.0, < 7.90.6
CRITICAL 9.0 An improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory.
from 0, < 7.55.17, >= 7.56.0, < 7.59.22, >= 7.60.0, < 7.63.21, >= 7.64.0, < 7.68.21, >= 7.69.0, < 7.71.21, >= 7.72.0, < 7.77.11, >= 7.78.0, < 7.84.6
HIGH 8.8 JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Exe…
from 0, < 7.76.2
HIGH 8.8 In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authori…
from 0, < 5.11.8, >= 6.0.0, < 6.1.6, >= 6.2.0, < 6.3.9, >= 6.4.0, < 6.7.8, >= 6.8.0, < 6.8.17, >= 6.9.0, < 6.9.6, >= 6.10.0, < 6.10.9, >= 6.11.0, < 6.11.7, >= 6.12.0, < 6.12.3, >= 6.13.0, < 6.13.2, >= 6.14.0, < 6.14.2, >= 6.15.0, < 6.15.1
HIGH 8.8 JFrog Artifactory prior to version 7.33.6 and 6.23.38 is vulnerable to CSRF (Cross-Site Request Forgery) for specific endpoints.
>= 6.0.0, < 6.23.38, >= 7.0.0, < 7.33.6
HIGH 8.8 JFrog Artifactory before 7.25.4 (Enterprise+ deployments only) is vulnerable to Blind SQL Injection by a low privileged authenticated user…
from 0, < 6.23.30, >= 7.11.0, < 7.11.8, >= 7.12.0, < 7.12.10, >= 7.17.0, < 7.17.14, >= 7.18.0, < 7.18.11, >= 7.19.0, < 7.19.12, >= 7.21.0, < 7.21.14, >= 7.23.0, < 7.23.8, >= 7.24.0, < 7.24.7, >= 7.25.0, < 7.25.4
HIGH 8.8 JFrog Artifactory before 7.36.1 and 6.23.41 is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege E…
>= 6.0.0, < 6.23.41, >= 7.0.0, < 7.17.16, >= 7.18.0, < 7.18.12, >= 7.19.0, < 7.19.13, >= 7.21.0, < 7.21.25, >= 7.25.0, < 7.25.9, >= 7.27.0, < 7.27.15, >= 7.29.0, < 7.29.10, >= 7.31.0, < 7.31.16, >= 7.33.0, < 7.33.12, >= 7.34.0, < 7.34.4, >= 7.35.0, < 7.35.1, >= 7.36.0, < 7.36.1
HIGH 7.5 JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled…
>= 7.17.4, < 7.77.0
MEDIUM 6.5 JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction…
>= 7.59.0, < 7.59.18, >= 7.60.0, < 7.63.18, >= 7.64.0, < 7.68.19, >= 7.69.0, < 7.71.8
MEDIUM 6.5 JFrog Artifactory prior to version 7.28.0 and 6.23.38 is vulnerable to Broken Access Control; the copy functionality can be used by a low-…
from 0, < 6.23.38, >= 7.0.0, < 7.28.0
MEDIUM 6.5 JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unau…
>= 7.0.0, < 7.66.0
MEDIUM 6.4 A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to…
from 0, < 7.84.7
MEDIUM 6.1 JFrog Artifactory versions below 7.77.7, 7.82.1 are vulnerable to DOM-based cross-site scripting due to improper handling of the import ov…
from 0, < 7.77.7, >= 7.78.0, < 7.82.1
MEDIUM 6.1 JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR paramete…
>= 6.0.0, < 6.23.38, >= 7.0.0, < 7.29.8
MEDIUM 5.4 JFrog Artifactory before 7.29.3 and 6.23.38 is vulnerable to Broken Access Control; a low-privileged user is able to delete other known us…
>= 6.0.0, < 6.23.38, >= 7.0.0, < 7.29.3
MEDIUM 4.9 JFrog Artifactory prior to 7.31.10 is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Reposit…
>= 7.0.0, < 7.31.10
MEDIUM 4.9 JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API.
>= 6.0.0, < 6.23.38, >= 7.0.0, < 7.31.10
MEDIUM 4.3 JFrog Artifactory Self-Hosted versions below 7.77.3 are vulnerable to sensitive information disclosure whereby a low-privileged authentica…
from 0, < 7.77.8
LOW 3.3 Passwords stored in plain text by Jenkins Artifactory Plugin
from 0, < 3.5.1
LOW 3.1 Passwords transmitted in plain text by Jenkins Artifactory Plugin
from 0, < 3.6.1
LOW 2.7 JFrog Artifactory before 7.31.10 is vulnerable to Broken Access Control where a project admin user is able to list all available repositor…
>= 7.0.0, < 7.31.10