Jfrog: >> Artifactory >> 7.59.18 Security Vulnerabilities
JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration.
This does not affect JFrog cloud deployments.
CVSS Score
4.3
EPSS Score
0.003
Published
2024-04-15
JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism.
CVSS Score
8.8
EPSS Score
0.022
Published
2024-03-13
JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data.
CVSS Score
6.6
EPSS Score
0.003
Published
2024-03-07
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts.
CVSS Score
7.2
EPSS Score
0.012
Published
2024-03-07
JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-10-03