CVE-2021-46687

Published: Jul 6, 2022Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x.

Affected (2)

Products: Jfrog: Artifactory

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Jfrog Artifactory	From 6.0.0 to 6.23.38
Jfrog Artifactory	From 7.0.0 to 7.31.10

Related CWEs

Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (4)

https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin

Source: reefs@jfrog.com

PatchVendor Advisory

https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories

Source: reefs@jfrog.com

Vendor Advisory

https://www.jfrog.com/confluence/display/JFROG/CVE-2021-46687%3A+Sensitive+data+exposure+on+proxy+endpoint+for+Project+Admin

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.