CVE-2021-45074

Summary

JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session.

Affected Software

VendorProductVersion RangeStatus
JFrogJFrog ArtifactoryJFrog Artifactory versions before 7.29.3 < 7.29.3affected
JFrogJFrog ArtifactoryJFrog Artifactory versions before 6.23.38 < 6.23.38affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References