CVE-2019-19937

In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."
Configurations

Configuration 1 (hide)

cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:35

Type Values Removed Values Added
References () https://www.jfrog.com/confluence/display/RTF6X/Importing+and+Exporting - Vendor Advisory () https://www.jfrog.com/confluence/display/RTF6X/Importing+and+Exporting - Vendor Advisory
References () https://www.jfrog.com/confluence/display/RTF6X/Release+Notes#ReleaseNotes-Artifactory6.18 - Release Notes () https://www.jfrog.com/confluence/display/RTF6X/Release+Notes#ReleaseNotes-Artifactory6.18 - Release Notes
References () https://www.secureworks.com/research/subject/advisories - Third Party Advisory () https://www.secureworks.com/research/subject/advisories - Third Party Advisory

Information

Published : 2020-03-16 20:15

Updated : 2024-11-21 04:35


NVD link : CVE-2019-19937

Mitre link : CVE-2019-19937

CVE.ORG link : CVE-2019-19937


JSON object : View

Products Affected

jfrog

  • artifactory
CWE
CWE-862

Missing Authorization