The following is a list of vulnerabilities that do not have a CVE that impacted Artifactory and have been fixed.
Description | Severity | Artifactory Fix Version |
---|---|---|
Updated | High | 7.21.3 |
Excluded the | Medium | 7.21.3 |
Upgraded | High | 7.21.3 |
Upgraded to | High | 7.21.3 |
Upgraded | Critical | 7.21.3 |
Under certain circumstances, authenticated users were able to:
| Critical | 6.13.3, 6.14.4, 6.15.2, 6.16.2, 6.17.1, 6.18.1, 7.3.2 |
Under certain circumstances, users could gain access to application data that should otherwise be exposed only to administrators. | Critical | 6.8.14, 6.9.3, 6.10.4 |
Under certain circumstances, an unauthorized user may be able to send malformed REST API calls to Artifactory that execute under the identity of another user. | Critical |
|
A SAML-related authentication vulnerability potentially exposed Artifactory to XSW attacks which could sniff and manipulate SAML communications causing the incorrect verification of a SAML login response. This could potentially allow the attacker to gain access to any user in Artifactory. | High | 6.5.13 |