Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
访问控制不恰当
Vulnerability Title
JFrog Artifactory 安全漏洞
Vulnerability Description
Jfrog JFrog Artifactory是以色列JFrog(Jfrog)公司的一款开源的通用Artifact存储库管理器,它支持集群和高可用性Docker注册表,并提供端到端的用于跟踪从开发到生产的工件自动化解决方案。 JFrog Artifactory 存在安全漏洞,该漏洞源于7.29.3和6.23.38之前的JFrog Artifactory容易受到访问控制中断的影响,低权限用户能够删除其他已知用户的OAuth令牌,这将迫使在活动会话或下一个UI会话上重新进行身份验证。
CVSS Information
N/A
Vulnerability Type
N/A