CVE-2021-41834Improper Access Control in Artifactory

CWE-284Improper Access ControlCWE-732Incorrect Permission Assignment3 documents3 sources
Severity
6.5MEDIUMNVD
CNA5.3
EPSS
0.2%
top 60.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jfrog Artifactory
Timeline
PublishedMay 23
Latest updateMay 24

Description

JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5jfrog/artifactory7.x7.28.0+1
NVDjfrog/artifactory7.0.07.28.0+1

Patches

Patch: www.jfrog.comPatch: www.jfrog.com

🔴Vulnerability Details

2
GHSA
GHSA-p5f9-4qvw-vrhw: JFrog Artifactory prior to version 72022-05-24
CVEList
CVE-2021-41834: JFrog Artifactory prior to version 72022-05-23
CVE-2021-41834 — Improper Access Control in Artifactory | cvebase