Jfrog Artifactory Vulnerability List
Found 5 vulnerabilities related to Jfrog Artifactory
CVE-2019-17444: Jfrog Artifactory <6.17.0 - Default Admin Password POC
Jfrog Artifactory prior to 6.17.0 uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise Jfrog Artifactory.
CVE-2019-9733: JFrog Artifactory 6.7.3 - Admin Login Bypass POC
JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass issue because by default the access-admin account is used to reset the password of the admin account. While this is only allowed from a connection directly from localhost, providing an X-Forwarded-For HTTP header in the request allows an unauthenticated user to log in with the default credentials of the access-admin account while bypassing the whitelist of allowed IP addresses. The access-admin account can use Artifactory's API to request authentication tokens for all users including the admin account and, in turn, assume full control of all artifacts and repositories managed by Artifactory.
CVE-2019-17444: Jfrog Artifactory <6.17.0 - Default Admin Password POC
Jfrog Artifactory prior to 6.17.0 uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise Jfrog Artifactory.
CVE-2019-9733: JFrog Artifactory 6.7.3 - Admin Login Bypass POC
JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass issue because by default the access-admin account is used to reset the password of the admin account. While this is only allowed from a connection directly from localhost, providing an X-Forwarded-For HTTP header in the request allows an unauthenticated user to log in with the default credentials of the access-admin account while bypassing the whitelist of allowed IP addresses. The access-admin account can use Artifactory's API to request authentication tokens for all users including the admin account and, in turn, assume full control of all artifacts and repositories managed by Artifactory.
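Jfrog Artifactory Default Password (CVE-2019-17444) No POC
JFrog Artifactory is currently the only binary artifact repository in the world that supports all development languages, and the most powerful one. It is used at large scale in many Fortune 500 companies such as Google, Apple, Cisco, Oracle, Huawei and Tencent, and holds an absolute leading position in the field of binary software artifact management. Jfrog Artifactory uses default passwords for administrative accounts, which may allow unauthorized network-based attackers to completely compromise Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0.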