JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation.
References
Link | Resource |
---|---|
https://www.jfrog.com/confluence/display/JFROG/CVE-2021-41834%3A+Artifactory+Broken+Access+Control+on+Copy+Artifact | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: JFROG
Published: 2022-05-23T07:05:10
Updated: 2022-05-23T07:05:09
Reserved: 2022-02-14T00:00:00
Link: CVE-2021-41834
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-05-23T07:16:13.007
Modified: 2022-08-09T00:20:18.243
Link: CVE-2021-41834
JSON object: View
Redhat Information
No data.
CWE