CVE-2018-1000623: Path Traversal in Artifactory

CWE-22: Path Traversal (3 documents, 3 sources)
Severity: 7.2 HIGH (NVD)
EPSS: 1.0% (top 22.80%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 9
Latest update: May 14

Description

JFrog Artifactory versions since 4.0.0 and prior to 6.0.3 contain a directory traversal vulnerability: the "Import Repository from Zip" feature, available through the Admin menu -> Import & Export -> Repositories, triggers a vulnerable UI REST endpoint (/ui/artifactimport/upload), which can result in directory traversal / file overwrite and remote code execution. This attack appears to be exploitable by an attacker with Admin privileges, who may use the aforementioned UI endpoint a

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (1 package)

NVD: jfrog/artifactory, 4.0.0 (introduced), 6.0.3 (fixed)

Vulnerability Details (2)

GHSA: GHSA-5w62-43c9-wr5m: JFrog JFrog Artifactory version Prior to version 6 (2022-05-14)
CVEList: CVE-2018-1000623: JFrog JFrog Artifactory version Prior to version 6 (2018-07-09)