CVE-2021-41834




JFrog Artifactory versions prior to 7.28.0 and 6.23.38 are vulnerable to Broken Access Control: due to improper permissions validation, a low-privileged user can use the copy functionality to read and copy any artifact that exists in the Artifactory deployment.



We have discovered 16 live websites that are affected by CVE-2021-41834.





Affected Software

Product  Artifactory
Category Dev Tools
Vulnerable Versions
  • from 6 before 6.23.38
  • from 7 before 7.28
Total Vulnerable Versions 22
Vulnerable Domains 16 live websites (53.33% of Artifactory install base)


Common Weakness Enumeration


CWE-284 Improper Access Control


Distribution by Website Rank

The diagram provides a graphic representation of the correlation between the occurrence of CVE-2021-41834 and the relative popularity of websites


Details

  • Published - May 23, 2022
  • Updated - May 23, 2022





Countries

United States 2 websites
Germany 5 websites
Antigua and Barbuda 4 websites
France 3 websites
French Polynesia 1 website
Russia 1 website

TLDs

.com 3 websites
.net 2 websites
.org 2 websites
.fr 1 website
.io 1 website
.ru 1 website



Geographical Distribution

The distribution of websites across the globe that are exposed to CVE-2021-41834 through included software libraries and plugins.



Websites affected by CVE-2021-41834

Top websites that are affected by CVE-2021-41834.