Lucene search

[email protected]NVD:CVE-2024-2248

HistoryMay 15, 2024 - 1:15 p.m.

CVE-2024-2248

2024-05-1513:15:26

CWE-20

[email protected]

web.nvd.nist.gov

jfrog

saas

self-hosted

header injection

account takeover

url crafted

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

EPSS

Percentile

9.0%

JSON

A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over the end user’s account when clicking on a specially crafted URL sent to the victim’s user email.

References

jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-2248

vulnrichment1 cve1 osv1 cvelist1