CVE-2019-19937

In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
jfrogartifactory
𝑥
< 6.18
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.jfrog.com/confluence/display/RTF6X/Importing+and+Exporting
https://www.jfrog.com/confluence/display/RTF6X/Release+Notes#ReleaseNotes-Artifactory6.18
https://www.secureworks.com/research/subject/advisories
https://www.jfrog.com/confluence/display/RTF6X/Importing+and+Exporting
https://www.jfrog.com/confluence/display/RTF6X/Release+Notes#ReleaseNotes-Artifactory6.18
https://www.secureworks.com/research/subject/advisories