Lucene search

JFROGCVELIST:CVE-2023-42509

HistoryMar 07, 2024 - 2:07 p.m.

CVE-2023-42509 JFrog Artifactory Sensitive Data Leakage in Repository configuration process

2024-03-0714:07:09

CWE-755

JFROG

www.cve.org

cve-2023-42509

vulnerability

data leakage

repository configuration

jfrog artifactory

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "Artifactory",
    "vendor": "JFrog",
    "versions": [
      {
        "lessThan": "7.77.0",
        "status": "affected",
        "version": "7.17.4",
        "versionType": "custom"
      }
    ]
  }
]

References

jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-42509