CVE-2022-0668: Artifactory Authentication Bypass - JFrog

JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.


****How to fix****

**Cloud Environments**

Affected Cloud environments have already been fortified with a fixed version.
No action is required for cloud instances.

**Self Hosted Environments**

Fixing this issue requires action on your part.

Upgrade your version of Artifactory or Edge to one of the versions listed below:

****Exploitation Status****

JFrog is not aware of any publicly available exploits or malicious exploitation attempts.

****Weakness Type****

CWE-274: Improper Handling of Insufficient Privileges

****Acknowledgements****

This issue was discovered and reported by Matthias Kaiser and Jonni Passki of Apple Information Security.

****We Are Here For Your Questions (JFrog Support Team)****

If you have questions or concerns regarding this advisory, please raise a support request at the JFrog support portal.
