CVE-2021-46270 — Improper Access Control in Artifactory

CWE-284 — Improper Access Control CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

2.7LOWNVD

EPSS

0.2%

top 61.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jfrog Artifactory Jfrog Artifactory

Timeline

PublishedMar 2

Latest updateMar 3

Description

JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

▶NVDjfrog/artifactory7.0.0 — 7.31.10

▶CVEListV5jfrog/jfrog_artifactoryJFrog Artifactory versions before 7.31.10 — 7.31.10

🔴Vulnerability Details

GHSA

GHSA-34r5-hj3h-jf22: JFrog Artifactory before 7↗2022-03-03

▶

CVEList

CVE-2021-46270: JFrog Artifactory before 7↗2022-03-02

▶