CVE-2021-45730Improper Access Control in Artifactory

CWE-284Improper Access ControlCWE-863Incorrect Authorization3 documents3 sources
Severity
4.9MEDIUMNVD
CNA6.0
EPSS
0.2%
top 62.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jfrog Artifactory
Timeline
PublishedMay 19
Latest updateMay 20

Description

JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5jfrog/artifactory7.x7.31.10
NVDjfrog/artifactory7.0.07.31.10

Patches

Patch: www.jfrog.comPatch: www.jfrog.com

🔴Vulnerability Details

2
GHSA
GHSA-rq6c-pcm6-q4r9: JFrog Artifactory prior to 72022-05-20
CVEList
CVE-2021-45730: JFrog Artifactory prior to 72022-05-19
CVE-2021-45730 — Improper Access Control in Artifactory | cvebase