BIT-artifactory-2022-0573

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/artifactory/BIT-artifactory-2022-0573.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-artifactory-2022-0573

Aliases

CVE-2022-0573

Published

2024-03-06T10:51:05.379Z

Modified

2025-04-03T14:40:37.652Z

Summary

[none]

Details

JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object.

Database specific

{
    "cpes": [
        "cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:*",
        "cpe:2.3:a:jfrog:artifactory:7.35.0:*:*:*:*:-:*:*",
        "cpe:2.3:a:jfrog:artifactory:7.36.0:*:*:*:*:-:*:*"
    ],
    "severity": "High"
}

References

Affected packages

Bitnami / artifactory

Package

Name: artifactory
Purl: pkg:bitnami/artifactory

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

6.0.0

Fixed

6.23.41

Introduced

7.0.0

Fixed

7.17.16

Introduced

7.18.0

Fixed

7.18.12

Introduced

7.19.0

Fixed

7.19.13

Introduced

7.21.0

Fixed

7.21.25

Introduced

7.25.0

Fixed

7.25.9

Introduced

7.27.0

Fixed

7.27.15

Introduced

7.29.0

Fixed

7.29.10

Introduced

7.31.0

Fixed

7.31.16

Introduced

7.33.0

Fixed

7.33.12

Introduced

7.34.0

Fixed

7.34.4

Introduced

7.35.0

Fixed

7.35.1

Introduced

7.36.0

Fixed

7.36.1