CVE-2019-19937

Опубликовано: 16 мар. 2020

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."

Ссылки

https://www.jfrog.com/confluence/display/RTF6X/Importing+and+Exporting
Vendor Advisory
https://www.jfrog.com/confluence/display/RTF6X/Release+Notes#ReleaseNotes-Artifactory6.18
Release Notes
https://www.secureworks.com/research/subject/advisories
Third Party Advisory
https://www.jfrog.com/confluence/display/RTF6X/Importing+and+Exporting
Vendor Advisory
https://www.jfrog.com/confluence/display/RTF6X/Release+Notes#ReleaseNotes-Artifactory6.18
Release Notes
https://www.secureworks.com/research/subject/advisories
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:*:*:*

Версия до 6.18 (исключая)

EPSS

Процентиль: 66%

0.00515

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-3qwv-82r7-qfr8

github

больше 3 лет назад