CVE-2021-45730 MEDIUM

CVE-2021-45730

Vendor Jfrog
Product Artifactory
Weakness CWE-284
Published May 19, 2022
Last update August 4, 2024

CVSS base score

6.0/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

What the vulnerability does

01Description

JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators.

Key dates

02Disclosure timeline

May 19, 2022 CVE published
August 4, 2024 Record updated