CVE-2022-0668 - OpenCVE

JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Jfrog	Artifactory

Configuration 1 [-]

OR	cpe:2.3:a:jfrog:artifactory::::::-::*
	cpe:2.3:a:jfrog:artifactory::::::-::*

References

Link	Resource
https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0668%3A+Artifactory+Authentication+Bypass	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: JFROG

Published: 2023-01-08T00:00:00

Updated: 2023-01-08T00:00:00

Reserved: 2022-02-17T00:00:00

Link: CVE-2022-0668

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-01-08T15:15:10.430

Modified: 2023-01-12T22:24:15.130

Link: CVE-2022-0668

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:*", "matchCriteriaId": "6A2EA197-B384-4943-B3C2-181AF36B33DE", "versionEndExcluding": "6.23.41", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:*", "matchCriteriaId": "66CE9CDB-0208-4418-AA84-1A006BBECAB5", "versionEndExcluding": "7.37.13", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user."}, {"lang": "es", "value": "JFrog Artifactory anterior a 7.37.13 es vulnerable a la omisi\u00f3n de autenticaci\u00f3n, lo que puede provocar una escalada de privilegios cuando un usuario no autenticado env\u00eda una solicitud especialmente manipulada."}], "id": "CVE-2022-0668", "lastModified": "2023-01-12T22:24:15.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "reefs@jfrog.com", "type": "Secondary"}]}, "published": "2023-01-08T15:15:10.430", "references": [{"source": "reefs@jfrog.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0668%3A+Artifactory+Authentication+Bypass"}], "sourceIdentifier": "reefs@jfrog.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-274"}], "source": "reefs@jfrog.com", "type": "Secondary"}]}