Lucene search

GoogleOSV:BIT-ARTIFACTORY-2023-42662

HistoryMar 31, 2024 - 6:16 p.m.

BIT-artifactory-2023-42662

2024-03-3118:16:51

Google

osv.dev

jfrog artifactory

vulnerability

user interaction

urls

access tokens

cli

ide

sso integration

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration.

CPENameOperatorVersion
artifactoryge7.59.0
artifactoryge7.60.0
artifactoryge7.64.0
artifactorylt7.63.18
artifactoryge7.69.0
artifactorylt7.68.19
artifactorylt7.71.8
artifactorylt7.59.18

Name	Operator	Version
artifactory	ge	7.59.0
artifactory	ge	7.60.0
artifactory	ge	7.64.0
artifactory	lt	7.63.18
artifactory	ge	7.69.0
artifactory	lt	7.68.19
artifactory	lt	7.71.8
artifactory	lt	7.59.18

References

jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for OSV:BIT-ARTIFACTORY-2023-42662