CVE-2019-19937Missing Authorization in Artifactory

CWE-862Missing AuthorizationCWE-20Improper Input Validation3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.5%
top 33.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jfrog Artifactory
Timeline
PublishedMar 16
Latest updateMay 24

Description

In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

NVDjfrog/artifactory< 6.18

🔴Vulnerability Details

2
GHSA
GHSA-3qwv-82r7-qfr8: In JFrog Artifactory before 62022-05-24
CVEList
CVE-2019-19937: In JFrog Artifactory before 62020-03-16
CVE-2019-19937 — Missing Authorization in Artifactory | cvebase