JFrog < 6.23.0 Multiple Vulnerabilities

Critical | Nessus Plugin ID 147722

Synopsis

Determines whether the remote JFrog Artifactory installation is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the version of JFrog Artifactory installed on the remote host is prior to 6.23.0. It is, therefore, affected by multiple vulnerabilities:

- The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation. (CVE-2017-18640)

- The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress. (CVE-2019-12402)

- The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability. (CVE-2019-20104)

- Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. (CVE-2020-15586)

- PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, an attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. (CVE-2020-7692)
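The last item (CVE-2020-7692) is the absence of RFC 7636 PKCE in the OAuth flow. The following is an added example, not code from the Nessus plugin or from JFrog, that models the S256 method the RFC requires: the client derives a challenge from a random verifier, the authorization server binds the code it issues to that challenge, and the token endpoint refuses the code unless the matching verifier is presented, so a code that was intercepted on its own is worthless. The `AuthorizationServer` class and `demo()` are hypothetical; the fixed verifier/challenge pair is the test vector from RFC 7636 Appendix B.

```python
import base64
import hashlib
import hmac
import secrets


def b64url(raw: bytes) -> str:
    # RFC 7636 uses base64url without '=' padding.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_verifier(nbytes: int = 32) -> str:
    # 32 random bytes encode to 43 characters, inside the RFC's 43..128 range.
    return b64url(secrets.token_bytes(nbytes))


def make_challenge(verifier: str) -> str:
    # S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthorizationServer:
    """Hypothetical server: binds each authorization code to the PKCE
    challenge from the authorization request and checks it at token time."""

    def __init__(self):
        self._codes = {}  # code -> code_challenge

    def authorize(self, code_challenge: str, method: str = "S256") -> str:
        if method != "S256":  # the 'plain' method gives no protection
            raise ValueError("only S256 is accepted")
        code = secrets.token_urlsafe(24)
        self._codes[code] = code_challenge
        return code

    def token(self, code: str, code_verifier) -> bool:
        challenge = self._codes.pop(code, None)  # codes are single use
        if challenge is None or code_verifier is None:
            return False
        if not 43 <= len(code_verifier) <= 128:
            return False
        return hmac.compare_digest(make_challenge(code_verifier), challenge)


def demo():
    """Returns (legitimate exchange, code without verifier, wrong verifier, replay)."""
    srv = AuthorizationServer()
    verifier = make_verifier()
    code = srv.authorize(make_challenge(verifier))
    legit = srv.token(code, verifier)
    stolen = srv.token(srv.authorize(make_challenge(verifier)), None)
    wrong = srv.token(srv.authorize(make_challenge(verifier)), make_verifier())
    replay = srv.token(code, verifier)
    return legit, stolen, wrong, replay
```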

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to JFrog Artifactory 6.23.0 or later.

See Also

http://www.nessus.org/u?8dc55d3d

Plugin Details

Severity: Critical

ID: 147722

File Name: jfrog_artifactory_6_23_0.nasl

Version: 1.2

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 3/12/2021

Updated: 3/15/2021

Dependencies: jfrog_artifactory_win_installed.nbin, jfrog_artifactory_nix_installed.nbin, os_fingerprint.nasl

Risk Information

CVSS Score Source: CVE-2020-7692

VPR

Risk Factor: Medium

Score: 6

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:jfrog:artifactory

Required KB Items: installed_sw/Artifactory

Exploit Ease: No known exploits are available

Patch Publication Date: 2/10/2020

Vulnerability Publication Date: 2/6/2020

Reference Information

CVE: CVE-2017-18640, CVE-2019-12402, CVE-2019-20104, CVE-2020-7692, CVE-2020-15586