CVE-2021-41834

Summary

JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation.

Affected Software

VendorProductVersion RangeStatus
JFrogArtifactory7.x < 7.28.0affected
JFrogArtifactory6.x < 6.23.38affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References