Broken Access Control in JFrog Artifactory: Unauthorized Repository Layout Configuration by Project Admins

CVE-2021-45730 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

JFrog Artifactory prior to 7.31.10 is vulnerable to Broken Access Control: a Project Admin is able to create, edit and delete Repository Layouts, although Repository Layouts configuration should only be available to Platform Administrators.
