Описание
Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0.
Ссылки
- Release NotesVendor Advisory
- Vendor Advisory
- Release NotesVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.17.0 (исключая)
cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:*
EPSS
Процентиль: 100%
0.92493
Критический
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-521
CWE-521
Связанные уязвимости
github
больше 3 лет назад
Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0.
EPSS
Процентиль: 100%
0.92493
Критический
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-521
CWE-521