JFrog Artifactory Vulnerable to Cache Poisoning Due to Improper Input Validation
CVE-2024-6915

9.3 CRITICAL

Key Information:

Vendor: JFrog

CVE Published: 5 August 2024

What is CVE-2024-6915?

Certain versions of JFrog Artifactory are affected by improper input validation that could be exploited to perform cache poisoning attacks. The flaw affects multiple versions, so users should keep their systems up to date by applying the latest security patches.

Affected Version(s)

Artifactory 0 < 7.90.6

Artifactory 0 < 7.84.20

Artifactory 0 < 7.77.14

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michael Stepankin (artsploit) from GitHub Security Lab.