Jfrog: >> Artifactory >> 6.11.1 Security Vulnerabilities
In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."
CVSS Score
7.2
EPSS Score
0.005
Published
2020-03-16
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template.
CVSS Score
8.8
EPSS Score
0.327
Published
2020-01-23