1. CVE-Search
  2. CVE-2016-10036
ID CVE-2016-10036
Summary Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file.
References
Vulnerable Configurations
  • cpe:2.3:a:jfrog:artifactory:1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.0.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.0.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.0.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.0.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.0.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.0.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.0.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.0.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.0.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.0.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.0.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.0.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.0.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.2.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.0:-:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.0:-:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.0:beta3:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.0:beta3:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.0:beta4:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.0:beta4:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.0:beta5:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.0:beta5:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.0:beta6:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.0:beta6:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.0:rc1:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.0:rc1:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.0:rc2:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.0:rc2:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.4.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.4.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.4.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.4.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.4.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.4.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.4.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.4.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.4.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.4.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.9:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.9:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.3:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.3:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.3:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.3:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.4:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.4:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.5:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.5:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.7.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.7.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.7.1-snapshot:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.7.1-snapshot:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.3.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.3.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.3.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.3.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.3.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.3.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.3.1-hap-624:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.3.1-hap-624:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.3.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.3.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.3.3:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.3.3:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.3.4:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.3.4:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.3.4.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.3.4.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.4.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.4.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.4.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.4.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.4.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.4.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.4.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.4.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.4.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.4.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.4.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.4.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.4.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.4.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.4.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.4.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.4.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.4.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.4.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.4.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.5.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.5.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.5.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.5.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.5.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.5.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.5.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.5.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.5.1.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.5.1.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.5.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.5.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.6.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.6.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.6.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.6.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.6.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.6.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.6.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.6.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.6.3:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.6.3:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.6.4:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.6.4:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.6.5:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.6.5:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.6.6:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.6.6:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.6.7:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:2.6.7:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:2.7.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.7.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.7.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.7.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.7.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.7.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.8.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.8.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.8.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.8.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.8.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.8.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.9.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.9.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.9.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.9.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.9.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.9.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.10.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.10.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.10.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.10.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.10.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.10.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.10.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.10.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.10.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.10.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.11.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.11.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.12.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.12.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.12.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.12.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.12.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.12.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.13.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.13.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.13.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.13.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.14.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.14.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.15.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.15.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.15.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.15.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.16.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.16.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.16.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.16.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.16.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.16.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.0.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.0.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.0.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.0.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.0.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.0.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.0.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.0.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.0.3:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.0.3:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.0.4:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.0.4:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.1.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.1.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.1.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.1.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.1.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.1.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.1.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.2.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.2.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.2.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.2.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.2.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.2.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.2.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.2.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.2.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.2.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.2.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.2.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.2.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.2.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.2.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.3.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.3.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.3.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.3.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.3.0.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.3.0.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.3.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.3.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.3.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.3.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.4.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.4.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.4.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.4.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.4.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.4.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.4.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.4.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.4.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.4.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.5.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.5.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.5.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.5.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.5.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.5.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.5.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.5.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.5.3:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.5.3:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.6.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.6.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.6.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.6.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.6.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.6.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.7.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.7.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.8.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.8.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.9.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.9.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.9.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.9.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.9.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.9.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.9.3:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.9.3:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.9.4:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.9.4:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:3.9.5:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:3.9.5:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.0.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.0.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.0.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.0.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.0.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.0.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.1.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.1.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.1.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.1.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.1.3:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.1.3:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.2.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.2.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.2.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.2.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.2.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.2.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.3.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.3.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.3.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.3.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.3.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.3.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.3.3:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.3.3:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.4.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.4.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.4.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.4.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.4.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.4.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.4.3:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.4.3:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.5.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.5.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.5.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.5.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.5.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.5.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.6.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.6.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.6.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.6.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.7.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.7.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.7.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.7.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.7.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.7.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.7.3:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.7.3:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.7.4:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.7.4:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.7.5:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.7.5:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.7.6:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.7.6:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.7.7:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.7.7:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.8.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.8.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.8.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.8.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.8.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.8.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.9.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.9.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.9.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.9.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.10.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.10.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.11.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.11.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.11.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.11.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.11.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.11.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.12.0.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.12.0.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.12.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.12.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.12.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.12.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.13.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.13.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.13.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.13.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.13.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.13.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.14.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.14.0:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.14.1:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.14.1:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.14.2:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.14.2:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.14.3:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.14.3:*:*:*:*:-:*:*
  • cpe:2.3:a:jfrog:artifactory:4.15.0:*:*:*:*:-:*:*
    cpe:2.3:a:jfrog:artifactory:4.15.0:*:*:*:*:-:*:*
CVSS
Base: 7.5 (as of 13-06-2018 - 14:23)
Impact:
Exploitability:
CWE CWE-434
CAPEC
  • Accessing Functionality Not Properly Constrained by ACLs
    In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory4.16
exploit-db 44543
misc http://packetstormsecurity.com/files/147378/Jfrog-Artifactory-Code-Execution-Shell-Upload.html
Last major update 13-06-2018 - 14:23
Published 01-05-2018 - 19:29
Last modified 13-06-2018 - 14:23
Back to Top