CVE-2023-42662 — Improper Authentication in Artifactory

CWE-287 — Improper Authentication3 documents3 sources

Severity

6.5MEDIUMNVD

CNA9.3

EPSS

0.3%

top 48.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jfrog Artifactory

Timeline

PublishedMar 7

Description

JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5jfrog/artifactory7.59 — 7.59.18+3

▶NVDjfrog/artifactory7.59.0 — 7.59.18+3

🔴Vulnerability Details

GHSA

GHSA-vf92-j6mr-cjmj: JFrog Artifactory versions 7↗2024-03-07

▶

CVEList

JFrog Artifactory Improper SSO Mechanism may lead to Exposure of Access Tokens↗2024-03-07

▶