Lucene search

JFROGCVELIST:CVE-2022-0668

HistoryJan 08, 2023 - 12:00 a.m.

CVE-2022-0668

2023-01-0800:00:00

CWE-274

JFROG

www.cve.org

jfrog

artifactory

vulnerability

authentication

bypass

privilege escalation

unauthenticated user

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

50.4%

JSON

JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.

CNA Affected

[
  {
    "vendor": "JFrog",
    "product": "JFrog Artifactory",
    "versions": [
      {
        "version": "JFrog Artifactory versions before 7.x",
        "status": "affected",
        "lessThan": "7.37.13",
        "versionType": "custom"
      },
      {
        "version": "JFrog Artifactory versions before 6.x",
        "status": "affected",
        "lessThan": "6.23.41",
        "versionType": "custom"
      }
    ]
  }
]

References

www.jfrog.com/confluence/display/JFROG/CVE-2022-0668%3A+Artifactory+Authentication+Bypass

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

50.4%

JSON

Related for CVELIST:CVE-2022-0668