JFrog Platform Vulnerable to Header Injection Attacks
CVE-2024-2248
6.4 MEDIUM
Key Information
- Vendor
- JFrog
- Status
- Artifactory
- Vendor
- CVE Published:
- 15 May 2024
Summary
A header injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over an end user's account when the victim clicks on a specially crafted URL sent to the victim's user email.
Affected Version(s)
Artifactory < 7.85.0 (SaaS)
Artifactory < 7.84.7 (Self-Hosted)
CVSS V3.1
Score: 6.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD Database, Mitre Database