CVE-2019-17444 CRITICAL

CVE-2019-17444: JFrog Artifactory does not enforce default admin password change

Vendor Jfrog
Product Artifactory
Weakness CWE-521
Published October 12, 2020
Last update September 16, 2024

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

JFrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise JFrog Artifactory. This issue affects JFrog Artifactory versions prior to 6.17.0.

Key dates

02 Disclosure timeline

October 12, 2020 CVE published
September 16, 2024 Record updated