Vulnerability Description
JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jfrog | Artifactory | >= 6.0.0, < 6.23.41 |
Related Weaknesses (CWE)
References
- https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0573%3A+Artifactory+VulnMitigationPatchVendor Advisory
- https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+AdvisoriesVendor Advisory
- https://www.jfrog.com/confluence/display/JFROG/CVE-2022-0573%3A+Artifactory+VulnMitigationPatchVendor Advisory
- https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+AdvisoriesVendor Advisory
FAQ
What is CVE-2022-0573?
CVE-2022-0573 is a vulnerability with a CVSS score of 8.8 (HIGH). JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted ...
How severe is CVE-2022-0573?
CVE-2022-0573 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-0573?
Check the references section above for vendor advisories and patch information. Affected products include: Jfrog Artifactory.