392 matches found
BIT-ARTIFACTORY-2024-6915
JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning...
CVE-2024-6915
JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning...
CVE-2024-6915 JFrog Artifactory Cache Poisoning
JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning...
CVE-2024-6915
JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning. The CVE-2024-6915 entry notes an attack surface with network-based access and requires no user interac...
JFrog Artifactory Input Validation Error Vulnerability
JFrog Artifactory is a solution from JFrog for managing and delivering binaries in the software supply chain. An input validation error vulnerability exists in JFrog Artifactory that stems from improper input validation and can lead to cache poisoning...
How to Configure an Air-Gapped Veeam Kasten for Kubernetes Deployment Using JFrog Artifactory
Purpose: This article provides a step-by-step approach to configuring a JFrog Artifactory server and installing Veeam Kasten for Kubernetes. This allows for creating an air-gapped installation using a private container registry to install Veeam Kasten for Kubernetes. While this can always be done...
BIT-ARTIFACTORY-2024-2248
A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 SaaS and 7.84.7 Self-Hosted may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user email...
CVE-2024-2248 JFrog Artifactory Header Injection
A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 SaaS and 7.84.7 Self-Hosted may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user email...
BIT-ARTIFACTORY-2024-4142
An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with...
CVE-2024-4142
An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with...
CVE-2024-4142 JFrog Artifactory Improper input validation within token creation flow
An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with...
CVE-2024-4142
CVE-2024-4142 describes an improper input validation vulnerability in JFrog Artifactory that can enable privilege escalation. Multiple connected sources confirm the issue arises from the token creation flow and allows users with low privileges to gain administrative access, potentially even when ...
PT-2024-29391 · Jfrog · Jfrog Artifactory
Name of the Vulnerable Software and Affected Versions: JFrog Artifactory versions prior to 7.84.5. Description: An improper input validation issue could potentially lead to privilege escalation, allowing users with low privileges to gain administrative access to the system. This issue can also be...
CVE-2024-3505
JFrog Artifactory Self-Hosted versions below 7.77.3 are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments...
CVE-2024-3505
CVE-2024-3505 affects JFrog Artifactory Self-Hosted: versions prior to 7.77.3 are vulnerable to information disclosure where a low-privileged authenticated user can read the proxy configuration. The issue does not impact JFrog cloud deployments. Remediation: upgrade to 7.77.3 or later (as stated ...
CVE-2024-3505 JFrog Self-Hosted Artifactory Proxy configuration accessible to low-privilege users
JFrog Artifactory Self-Hosted versions below 7.77.3 are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments...