Product
JFrog Artifactory
32 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-3505
CVE-2024-2247
CVE-2023-42661
CVE-2023-42509
CVE-2023-42662
CVE-2023-42508
CVE-2022-0668
CVE-2021-46687
CVE-2021-45721
CVE-2021-23163
CVE-2021-41834
CVE-2021-45730
CVE-2022-0573
CVE-2021-46270
CVE-2021-45074
CVE-2021-3860
CVE-2019-17444
CVE-2020-2165
CVE-2020-2164
CVE-2019-19937
CVE-2020-7931
CVE-2019-10324
CVE-2019-10323
CVE-2019-10322
CVE-2019-10321
CVE-2018-19971
CVE-2019-9733
CVE-2018-1000424
CVE-2018-1000206
CVE-2018-1000623
CVE-2016-10036
CVE-2016-6501
< 7.77.3
JFrog Artifactory Self-Hosted versions below 7.77.3 are vulnerable to sensitive information disclosure whereby a low-privileged a
<= 7.77.7
JFrog Artifactory versions below 7.77.7, 7.82.1 are vulnerable to DOM-based cross-site scripting due to improper handling of the
< 7.76.2
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote
>= 7.17.4 and < 7.77.0
JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly
>= 7.59.0 and < 7.59.18
JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user int
>= 7.0.0 and < 7.66.0
JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lea
>= 6.0.0 and < 6.23.41
JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially
>= 6.0.0 and < 6.23.38
JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator
>= 6.0.0 and < 6.23.38
JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR
>= 6.0.0 and < 6.23.38
JFrog Artifactory prior to version 7.33.6 and 6.23.38 is vulnerable to CSRF (Cross-Site Request Forgery) for specific endpoints.
< 6.23.38
JFrog Artifactory prior to version 7.28.0 and 6.23.38 is vulnerable to Broken Access Control, the copy functionality can be used
>= 7.0.0 and < 7.31.10
JFrog Artifactory prior to 7.31.10 is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delet
>= 6.0.0 and < 6.23.41
JFrog Artifactory before 7.36.1 and 6.23.41 is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Pr
>= 7.0.0 and < 7.31.10
JFrog Artifactory before 7.31.10 is vulnerable to Broken Access Control where a project admin user is able to list all available
>= 6.0.0 and < 6.23.38
JFrog Artifactory before 7.29.3 and 6.23.38 is vulnerable to Broken Access Control, a low-privileged user is able to delete other
< 6.23.30
JFrog Artifactory before 7.25.4 (Enterprise+ deployments only) is vulnerable to Blind SQL Injection by a low privileged authentic
< 6.17.0
JFrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change the
<= 3.6.0
Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configurat
<= 3.5.0
Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file o
< 6.18
In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the ente
>= 6.8.0 and < 6.8.17
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ss
<= 3.2.2
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleas
<= 3.2.3
A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed use
<= 3.2.2
A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection a
<= 3.2.2
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#do
all versions
JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.
all versions
An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admi
<= 2.16.1
An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilde
>= 5.11.0 and < 6.1.0
JFrog Artifactory since version 5.11 contains a Cross-Site Request Forgery (CSRF) vulnerability in UI REST endpoints that can resul
>= 4.0.0 and < 6.0.3
JFrog Artifactory prior to version 6.0.3, since version 4.0.0, contains a Directory Traversal vulnerability in the "I
< 4.16
Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deplo
<= 4.10
JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Ja