Broken Access Control in JFrog Artifactory: Unauthorized Repository Layout Configuration by Project Admins
CVE-2021-45730 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
JFrog Artifactory prior to 7.31.10 is vulnerable to Broken Access Control: a Project Admin is able to create, edit and delete Repository Layouts, although Repository Layouts configuration should only be available to Platform Administrators.