CVE-2020-7931

In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template.
Provider  Type  Base Score  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      NIST  8.8 HIGH    NETWORK      LOW              LOW             CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitre     CNA   ---         ---
CVE       ADP   ---         ---

Base Score: CVSS 3.x
EPSS Score: Percentile 96%
Vendor  Product      Version
jfrog   artifactory           x < 5.11.8
jfrog   artifactory  6.0.0  ≤ x < 6.1.6
jfrog   artifactory  6.2.0  ≤ x < 6.3.9
jfrog   artifactory  6.4.0  ≤ x < 6.7.8
jfrog   artifactory  6.8.0  ≤ x < 6.8.17
jfrog   artifactory  6.9.0  ≤ x < 6.9.6
jfrog   artifactory  6.10.0 ≤ x < 6.10.9
jfrog   artifactory  6.11.0 ≤ x < 6.11.7
jfrog   artifactory  6.12.0 ≤ x < 6.12.3
jfrog   artifactory  6.13.0 ≤ x < 6.13.2
jfrog   artifactory  6.14.0 ≤ x < 6.14.2
jfrog   artifactory  6.15.0 ≤ x < 6.15.1

x = vulnerable software versions