CVE-2022-0573: Deserialization of Untrusted Data in Artifactory

Severity: 8.8 HIGH (NVD)
EPSS: 5.9% (top 9.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published 2022-05-16; latest update 2022-05-17

Description

JFrog Artifactory before 7.36.1 (and, on the 6.x line, before 6.23.41) is vulnerable to insecure deserialization of untrusted data, which can lead to denial of service, privilege escalation and remote code execution when a specially crafted request is sent by a low-privileged authenticated user. The root cause is insufficient validation of a user-provided serialized object: the precondition is valid credentials on the instance, not administrative rights.
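The description above locates the flaw in insufficient validation of a user-provided serialized object. The following is an added example, not Artifactory code and not JFrog's actual fix (the patched code is not shown on this page). It assumes the object is a Java serialized stream, which the advisory does not state, and uses a hypothetical `Preferences` endpoint to show the vulnerable read beside one guarded with a JEP 290 deserialization filter that allow-lists the expected class and rejects everything else:

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;

// Added example, not Artifactory code. Assumes the "user-provided serialized
// object" is a Java serialized stream; the advisory does not say which format.
public class DeserializationFilterExample {

    // The one payload type this hypothetical endpoint legitimately accepts.
    public static final class Preferences implements Serializable {
        private static final long serialVersionUID = 1L;
        final String theme;
        Preferences(String theme) { this.theme = theme; }
    }

    // Vulnerable pattern: the stream decides which classes get instantiated, so any
    // gadget chain reachable from the classpath runs inside readObject().
    static Object readUnfiltered(byte[] body) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(body))) {
            return in.readObject();
        }
    }

    // Hardened pattern: a JEP 290 ObjectInputFilter (JDK 9+) allow-lists the expected
    // class, rejects everything else ("!*"), and caps depth/array size against DoS payloads.
    static Object readFiltered(byte[] body) throws IOException, ClassNotFoundException {
        String pattern = "maxdepth=5;maxarray=1000;"
                + Preferences.class.getName() + ";java.lang.String;!*";
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(pattern);
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(body))) {
            in.setObjectInputFilter(filter);   // must be set before the first readObject()
            return in.readObject();            // InvalidClassException when the filter rejects
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new Preferences("dark"));
        // Constructed stand-in for an attacker-supplied stream: a class the endpoint
        // never asked for. A real payload would name a gadget class, not HashMap.
        byte[] unexpected = serialize(new HashMap<String, String>());

        System.out.println("unfiltered, expected   -> " + readUnfiltered(expected).getClass().getName());
        System.out.println("unfiltered, unexpected -> " + readUnfiltered(unexpected).getClass().getName());
        System.out.println("filtered,   expected   -> " + readFiltered(expected).getClass().getName());
        try {
            readFiltered(unexpected);
            System.out.println("filtered,   unexpected -> accepted (filter misconfigured)");
        } catch (InvalidClassException e) {
            System.out.println("filtered,   unexpected -> rejected: " + e.getMessage());
        }
    }
}
```

Run it with `java DeserializationFilterExample.java` on JDK 11 or later. The unfiltered reader happily instantiates the HashMap; the filtered reader throws InvalidClassException (filter status: REJECTED) before any constructor or readObject callback of the unexpected class runs. A filter like this is defense in depth for code you control; the remediation for this CVE is upgrading Artifactory to 7.36.1 or 6.23.41.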

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

Source     | Package                 | Affected                                  | Fixed   | More
NVD        | jfrog/artifactory       | 6.0.0 up to, not including, 6.23.41       | 6.23.41 | +12 more
CVEListV5  | jfrog/jfrog_artifactory | JFrog Artifactory versions before 7.36.1  | 7.36.1  | +1 more

Patches

Vulnerability Details (2 references)

GHSA     GHSA-h37x-959w-fc48: JFrog Artifactory before 7   (2022-05-17)
CVEList  CVE-2022-0573: JFrog Artifactory before 7         (2022-05-16)
CVE-2022-0573 — Deserialization of Untrusted Data | cvebase