CVE-2019-17444 PoC — JFrog Artifactory 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-17444.yaml

Associated Vulnerability

Title:JFrog Artifactory 安全漏洞 (CVE-2019-17444)
Description:JFrog Artifactory是以色列JFrog公司的一款开源的通用Artifact存储库管理器，它支持集群和高可用性Docker注册表，并提供端到端的用于跟踪从开发到生产的工件自动化解决方案。 Jfrog Artifactory 6.17.0之前版本存在安全漏洞，该漏洞源于使用管理帐户的默认密码(如“password”)，不要求用户更改它们。攻击者可利用该漏洞完全破坏Jfrog Artifactory。

Description

Jfrog Artifactory prior to 6.17.0 uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory.

File Snapshot


 id: CVE-2019-17444

info:
  name: Jfrog Artifactory <6.17.0 - Default Admin Password
  author: pdtea

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!