JFrog Artifactory vulnerability: Sensitive data exposure due to improper exception handling
CVE-2023-42509

7.5HIGH

Key Information:

Vendor: Jfrog
Status: Artifactory
Vendor: CVE Published:; 7 March 2024

What is CVE-2023-42509?

A vulnerability exists in JFrog Artifactory versions from 7.17.4 to 7.77.0, which arises from a sequence of improperly handled exceptions during the initialization of repository configurations. This flaw can potentially expose sensitive data, creating risks for organizations utilizing affected versions of the product. Users are encouraged to review their configurations and upgrade to supported versions to mitigate potential exposure of sensitive information.

Affected Version(s)

Artifactory 7.17.4 < 7.77.0

References

https://jfrog.com/help/r/jfrog-release-information/jfrog-...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2024
Vulnerability Reserved
Sep 11, 2023

Jfrog

What is CVE-2023-42509?

Affected Version(s)

References

CVSS V3.1

Timeline