CVE-2022-0573
published 2022-05-16CVE-2022-0573: JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote…
PriorityP357high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.90%
77.0th percentile
JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jfrog | artifactory | — | — |
| jfrog | artifactory | — | — |
| jfrog | artifactory | >= 6.0.0 < 6.23.41 | 6.23.41 |
| jfrog | artifactory | >= 7.0.0 < 7.17.16 | 7.17.16 |
| jfrog | artifactory | >= 7.18.0 < 7.18.12 | 7.18.12 |
| jfrog | artifactory | >= 7.19.0 < 7.19.13 | 7.19.13 |
| jfrog | artifactory | >= 7.21.0 < 7.21.25 | 7.21.25 |
| jfrog | artifactory | >= 7.25.0 < 7.25.9 | 7.25.9 |
| jfrog | artifactory | >= 7.27.0 < 7.27.15 | 7.27.15 |
| jfrog | artifactory | >= 7.29.0 < 7.29.10 | 7.29.10 |
| jfrog | artifactory | >= 7.31.0 < 7.31.16 | 7.31.16 |
| jfrog | artifactory | >= 7.33.0 < 7.33.12 | 7.33.12 |
| jfrog | artifactory | >= 7.34.0 < 7.34.4 | 7.34.4 |
| jfrog | jfrog_artifactory | >= JFrog Artifactory versions before 6.23.41 < 6.23.41 | 6.23.41 |
| jfrog | jfrog_artifactory | >= JFrog Artifactory versions before 7.36.1 < 7.36.1 | 7.36.1 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0573%3A+Artifactory+Vulnerable+to+Deserialization+of+Untrusted+Datahttps://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisorieshttps://www.jfrog.com/confluence/display/JFROG/CVE-2022-0573%3A+Artifactory+Vulnerable+to+Deserialization+of+Untrusted+Datahttps://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories
2022-05-16
Published