JFrog Artifactory Vulnerability: User Access Tokens at Risk
CVE-2023-42662

6.5 MEDIUM

Key Information:

Vendor: JFrog

CVE Published: 7 March 2024

What is CVE-2023-42662?

Versions of JFrog Artifactory from 7.59 to below 7.59.18, including 7.63.18, 7.68.19, and 7.71.8, contain a vulnerability in which user access tokens may be exposed. The exposure occurs through improper handling of specially crafted URLs used by the command-line interface (CLI) and integrated development environment (IDE) browser-based SSO login flows, which require user interaction. Because the flawed SSO integration can leak a token when a malicious URL is followed, the vulnerability poses a risk of unauthorized access with the affected user's credentials and warrants prompt remediation.

Affected Version(s)

Artifactory 7.59 < 7.59.18

Artifactory 7.59 < 7.63.18

Artifactory 7.59 < 7.68.19

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
