Every CVE whose affected-product data names Jfrog Artifactory, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (32)
CVE-2016-6501 — CVSS 9.8 (critical): JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java…
CVE-2016-10036 — CVSS 9.8 (critical): Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an…
CVE-2019-9733 — CVSS 9.8 (critical): An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account…
CVE-2019-17444 — CVSS 9.8 (critical): Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This…
CVE-2023-42662 — CVSS 9.3 (critical): JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction…
CVE-2022-0573 — CVSS 8.8 (high): JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege…
CVE-2018-1000206 — CVSS 8.8 (high): JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in…
CVE-2020-7931 — CVSS 8.8 (high): In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a…
CVE-2021-3860 — CVSS 8.8 (high): JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user…
CVE-2024-2247 — CVSS 8.8 (high): JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import…
CVE-2018-1000424 — CVSS 7.8 (high): An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java…
CVE-2020-2165 — CVSS 7.5 (high): Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form…
CVE-2019-19937 — CVSS 7.2 (high): In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise…
CVE-2018-1000623 — CVSS 7.2 (high): JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in The "Import…
CVE-2023-42661 — CVSS 7.2 (high): JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code…
CVE-2023-42509 — CVSS 6.6 (medium): JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled…
CVE-2023-42508 — CVSS 6.5 (medium): JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to…
CVE-2020-2164 — CVSS 6.5 (medium): Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the…
CVE-2019-10324 — CVSS 6.5 (medium): A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit…
CVE-2021-45721 — CVSS 6.1 (medium): JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR…
CVE-2021-45730 — CVSS 6.0 (medium): JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete…
CVE-2021-41834 — CVSS 5.3 (medium): JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a…
CVE-2022-0668 — CVSS 5.3 (medium): JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted…
CVE-2021-46687 — CVSS 4.9 (medium): JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API…
CVE-2024-3505 — CVSS 4.3 (medium): JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged…
CVE-2019-10321 — CVSS 4.3 (medium): A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnec…
CVE-2019-10322 — CVSS 4.3 (medium): A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed…
CVE-2019-10323 — CVSS 4.3 (medium): A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed users with…
CVE-2021-45074 — CVSS 4.3 (medium): JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known…
CVE-2021-23163 — CVSS 3.1 (low): JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This…
CVE-2021-46270 — CVSS 2.7 (low): JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available…