JFrog Platform Vulnerable to Header Injection Attacks

CVE-2024-2248
6.4 MEDIUM

Key Information

Vendor: JFrog
Product: Artifactory
CVE Published: 15 May 2024

Summary

A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over an end user's account when the victim clicks a specially crafted URL sent to their email address.

Affected Version(s)

Artifactory < 7.85.0 (SaaS)

Artifactory < 7.84.7 (Self-Hosted)

CVSS V3.1

Score: 6.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database