Description
JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators.
Remediation
References
Related Vulnerabilities
Internet Information Services Configuration Vulnerability (CVE-1999-0725)
MySQL CVE-2016-5630 Vulnerability (CVE-2016-5630)
Ruby Improper Input Validation Vulnerability (CVE-2009-4492)
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-27903)
WordPress 2.3.1 Unauthorized Post Access Vulnerability (2.3.1)