CVE-2021-45074
MEDIUM
JFrog Artifactory 6.0.0-6.23.38 - Broken Access Control on OAuth Token Deletion
Title source: llm
Description
JFrog Artifactory before 7.29.3 and 6.23.38 is vulnerable to Broken Access Control: a low-privileged user is able to delete other known users' OAuth tokens, which will force a reauthentication on an active session or in the next UI session.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories
Vendor Advisory x_refsource_misc
https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45074%3A+Artifactory+Broken+Access+Control+on+Delete+OAuth+Tokens
Scores
CVSS v3: 4.3
EPSS: 0.0061
EPSS Percentile: 44.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Details
CWE: CWE-284
Status: published
Products (1): jfrog/artifactory 6.0.0 - 6.23.38
Published: Mar 02, 2022
Tracked Since: Feb 18, 2026