CVE-2021-41834 MEDIUM

Vendor: JFrog
Product: Artifactory
Weakness: CWE-284
Published: May 23, 2022
Last update: August 4, 2024

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

JFrog Artifactory prior to versions 7.28.0 and 6.23.38 is vulnerable to Broken Access Control: due to improper permissions validation, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment.

Key dates

02 Disclosure timeline

May 23, 2022: CVE published
August 4, 2024: Record updated