CVE-2019-19937

HIGH

JFrog Artifactory < 6.18 - Missing Authorization for System and Repository Imports

Title source: llm
STIX 2.1

Description

In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results."

References (3)

Core 3

Scores

CVSS v3 7.2
EPSS 0.0149
EPSS Percentile 71.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (1)
jfrog/artifactory < 6.18
Published Mar 16, 2020
Tracked Since Feb 18, 2026