CVE-2021-46270

Опубликовано: 02 мар. 2022

Источник: nvd

CVSS3: 2.7

CVSS2: 4

EPSS Низкий

Описание

JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.

Ссылки

https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46270%3A+Artifactory+Project+Admin+Repository+Name+Disclosure
Vendor Advisory
https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories
Vendor Advisory
https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46270%3A+Artifactory+Project+Admin+Repository+Name+Disclosure
Vendor Advisory
https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:*

Версия от 7.0.0 (включая) до 7.31.10 (исключая)

EPSS

Процентиль: 39%

0.00174

Низкий

2.7 Low

CVSS3

4 Medium

CVSS2

Дефекты

CWE-284

NVD-CWE-Other

Связанные уязвимости

GHSA-34r5-hj3h-jf22