CVE-2022-0573

JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
JFROGCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
jfrogartifactory
6.0.0 ≤
𝑥
< 6.23.41
jfrogartifactory
7.0.0 ≤
𝑥
< 7.17.16
jfrogartifactory
7.18.0 ≤
𝑥
< 7.18.12
jfrogartifactory
7.19.0 ≤
𝑥
< 7.19.13
jfrogartifactory
7.21.0 ≤
𝑥
< 7.21.25
jfrogartifactory
7.25.0 ≤
𝑥
< 7.25.9
jfrogartifactory
7.27.0 ≤
𝑥
< 7.27.15
jfrogartifactory
7.29.0 ≤
𝑥
< 7.29.10
jfrogartifactory
7.31.0 ≤
𝑥
< 7.31.16
jfrogartifactory
7.33.0 ≤
𝑥
< 7.33.12
jfrogartifactory
7.34.0 ≤
𝑥
< 7.34.4
jfrogartifactory
7.35.0
jfrogartifactory
7.36.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0573%3A+Artifactory+Vulnerable+to+Deserialization+of+Untrusted+Data
https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories
https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0573%3A+Artifactory+Vulnerable+to+Deserialization+of+Untrusted+Data
https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories