CVE-2019-19937
HIGH severity · CVSS 7.2 · Missing authorization
7.2CVSS HIGH
Summary
In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredHigh
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)1%
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.