CVE-2023-42661Improper Input Validation in Artifactory

CWE-20Improper Input Validation3 documents3 sources
Severity
8.8HIGHNVD
CNA7.2
EPSS
1.3%
top 20.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jfrog Artifactory
Timeline
PublishedMar 7

Description

JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5jfrog/artifactory< 7.76.2
NVDjfrog/artifactory< 7.76.2

🔴Vulnerability Details

2
GHSA
GHSA-362p-vjvc-766v: JFrog Artifactory prior to version 72024-03-07
CVEList
JFrog Artifactory Improper input validation leads to arbitrary file write2024-03-07
CVE-2023-42661 — Improper Input Validation | cvebase