CVE-2022-0668

Summary

JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.

Affected Software

VendorProductVersion RangeStatus
JFrogJFrog ArtifactoryJFrog Artifactory versions before 7.x < 7.37.13affected
JFrogJFrog ArtifactoryJFrog Artifactory versions before 6.x < 6.23.41affected

Weaknesses

  • CWE-274: CWE-274 Improper Handling of Insufficient Privileges

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References