CVE-2024-2248
published 2024-05-15


Priority: P4 31 | medium | 6.4 (CVSS 3.1)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
EPSS: 0.27% (18.2th percentile)
A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user email.

Affected

2 ranges
Vendor   Product       Version range   Fixed in
jfrog    artifactory   < 7.85.0        7.85.0
jfrog    artifactory   < 7.84.7        7.84.7