Description
JFrog Artifactory prior to 7.31.10 is vulnerable to Broken Access Control: a Project Admin is able to create, edit and delete Repository Layouts, although Repository Layouts configuration should only be available to Platform Administrators.
Remediation
References
Related Vulnerabilities
Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-13662)
WordPress Plugin ChikunCount Arbitrary File Upload (1.3)
WordPress Plugin Fancy Gallery 'image-upload.php' Arbitrary File Upload (1.2.4)
IBM RTC Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-4946)
WordPress Plugin SoundCloud Is Gold Cross-Site Scripting (2.3.1)