JFrog Artifactory Artifacts Repository Detected

medium Web App Scanning Plugin ID 115095

Synopsis

JFrog Artifactory Artifacts Repository Detected

Description

JFrog Artifactory is a popular repository management tool used to store and manage software artifacts. If the Artifacts repository is detected and accessible, it may expose sensitive information or allow unauthorized access to stored artifacts.

Solution

If the application is not expected to be public, disable anonymous access in the Artifactory administration settings. Alternatively, restrict access to known IP addresses using network access control lists (ACLs) or web server configuration (e.g., .htaccess for Apache, allow/deny for Nginx).
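The Nginx allow/deny option as a reverse-proxy fragment. This is an added example, not configuration from the plugin or from JFrog. The server name, certificate paths, upstream address `127.0.0.1:8082`, load balancer address and client CIDRs are assumed placeholders.

```nginx
# Added example: reverse proxy in front of Artifactory limited to known networks.
# Assumed values (not from the page): server name, upstream 127.0.0.1:8082,
# certificate paths, and the documentation-range addresses below.
server {
    listen 443 ssl;
    server_name artifactory.example.internal;

    ssl_certificate     /etc/nginx/tls/artifactory.crt;
    ssl_certificate_key /etc/nginx/tls/artifactory.key;

    # If nginx itself sits behind a load balancer, $remote_addr is the
    # balancer's address. Trust X-Forwarded-For only from that balancer so the
    # allow/deny rules see the real client IP (needs ngx_http_realip_module).
    set_real_ip_from 198.51.100.10;   # load balancer (constructed)
    real_ip_header   X-Forwarded-For;

    location / {
        # Rules are checked in order and the first match wins, so the
        # catch-all deny must come last.
        allow 192.0.2.0/24;           # office network (constructed)
        allow 203.0.113.25;           # CI runner (constructed)
        deny  all;                    # everyone else receives 403

        proxy_pass http://127.0.0.1:8082;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The restriction only holds if Artifactory cannot be reached around the proxy, so bind its listener to the loopback interface or firewall its port from other hosts.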

See Also

https://jfrog.com/help/r/jfrog-rest-apis/artifactory-rest-apis

Plugin Details

Severity: Medium

ID: 115095

Type: remote

Published: 1/5/2026

Updated: 1/5/2026

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Vulnerability Information

CPE: cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:*:*:*

Reference Information