pkg:Bitnami/artifactory

22 total CVEs: CRITICAL 3, HIGH 6, MEDIUM 10, LOW 3

All known vulnerabilities

  • CRITICAL 9.8 CVE-2022-0668: JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted…
    >= 6.0.0, < 6.23.41, >= 7.0.0, < 7.37.13
  • CRITICAL 9.3 CVE-2024-6915: JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Val…
    from 0, < 7.55.18, >= 7.56.0, < 7.59.23, >= 7.60.0, < 7.63.22, >= 7.64.0, < 7.68.22, >= 7.69.0, < 7.71.23, >= 7.72.0, < 7.77.14, >= 7.78.0, < 7.84.20, >= 7.85.0, < 7.90.6
  • CRITICAL 9.0 CVE-2024-4142: An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory.
    from 0, < 7.55.17, >= 7.56.0, < 7.59.22, >= 7.60.0, < 7.63.21, >= 7.64.0, < 7.68.21, >= 7.69.0, < 7.71.21, >= 7.72.0, < 7.77.11, >= 7.78.0, < 7.84.6
  • HIGH 8.8 CVE-2023-42661: JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Exe…
    from 0, < 7.76.2
  • HIGH 8.8 CVE-2020-7931: In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authori…
    from 0, < 5.11.8, >= 6.0.0, < 6.1.6, >= 6.2.0, < 6.3.9, >= 6.4.0, < 6.7.8, >= 6.8.0, < 6.8.17, >= 6.9.0, < 6.9.6, >= 6.10.0, < 6.10.9, >= 6.11.0, < 6.11.7, >= 6.12.0, < 6.12.3, >= 6.13.0, < 6.13.2, >= 6.14.0, < 6.14.2, >= 6.15.0, < 6.15.1
  • HIGH 8.8 CVE-2021-23163: JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF (Cross-Site Request Forgery) for specific endpoints.
    >= 6.0.0, < 6.23.38, >= 7.0.0, < 7.33.6
  • HIGH 8.8 CVE-2021-3860: JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user…
    from 0, < 6.23.30, >= 7.11.0, < 7.11.8, >= 7.12.0, < 7.12.10, >= 7.17.0, < 7.17.14, >= 7.18.0, < 7.18.11, >= 7.19.0, < 7.19.12, >= 7.21.0, < 7.21.14, >= 7.23.0, < 7.23.8, >= 7.24.0, < 7.24.7, >= 7.25.0, < 7.25.4
  • HIGH 8.8 CVE-2022-0573: JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege E…
    >= 6.0.0, < 6.23.41, >= 7.0.0, < 7.17.16, >= 7.18.0, < 7.18.12, >= 7.19.0, < 7.19.13, >= 7.21.0, < 7.21.25, >= 7.25.0, < 7.25.9, >= 7.27.0, < 7.27.15, >= 7.29.0, < 7.29.10, >= 7.31.0, < 7.31.16, >= 7.33.0, < 7.33.12, >= 7.34.0, < 7.34.4, >= 7.35.0, < 7.35.1, >= 7.36.0, < 7.36.1
  • HIGH 7.5 CVE-2023-42509: JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled…
    >= 7.17.4, < 7.77.0
  • MEDIUM 6.5 CVE-2023-42662: JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction…
    >= 7.59.0, < 7.59.18, >= 7.60.0, < 7.63.18, >= 7.64.0, < 7.68.19, >= 7.69.0, < 7.71.8
  • MEDIUM 6.5 CVE-2021-41834: JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-…
    from 0, < 6.23.38, >= 7.0.0, < 7.28.0
  • MEDIUM 6.5 CVE-2023-42508: JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unau…
    >= 7.0.0, < 7.66.0
  • MEDIUM 6.4 CVE-2024-2248: A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to…
    from 0, < 7.84.7
  • MEDIUM 6.1 CVE-2024-2247: JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import ov…
    from 0, < 7.77.7, >= 7.78.0, < 7.82.1
  • MEDIUM 6.1 CVE-2021-45721: JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR paramete…
    >= 6.0.0, < 6.23.38, >= 7.0.0, < 7.29.8
  • MEDIUM 5.4 CVE-2021-45074: JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known us…
    >= 6.0.0, < 6.23.38, >= 7.0.0, < 7.29.3
  • MEDIUM 4.9 CVE-2021-45730: JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Reposit…
    >= 7.0.0, < 7.31.10
  • MEDIUM 4.9 CVE-2021-46687: JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API.
    >= 6.0.0, < 6.23.38, >= 7.0.0, < 7.31.10
  • MEDIUM 4.3 CVE-2024-3505: JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authentica…
    from 0, < 7.77.8
  • LOW 3.3 CVE-2020-2164: Passwords stored in plain text by Jenkins Artifactory Plugin
    from 0, < 3.5.1
  • LOW 3.1 CVE-2020-2165: Passwords transmitted in plain text by Jenkins Artifactory Plugin
    from 0, < 3.6.1
  • LOW 2.7 CVE-2021-46270: JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repositor…
    >= 7.0.0, < 7.31.10