Lucene search
K

311 matches found

The Hacker News
The Hacker News
added 2024/07/15 4:18 p.m.27 views

GitHub Token Leak Exposes Python's Core Repositories to Potential Attacks

Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index PyPI, and the Python Software Foundation PSF. JFrog, which found the GitHub Personal Access Token, sai...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/07/15 3:14 a.m.3 views

Malicious code in jfrog-ci-templates (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ca6b5be5ca78626dbb231ce098412b200202572a0c8a3513b2a666e342d8004 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/07/15 3:14 a.m.2 views

Malicious code in jfrog-jfconfig-grpc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 177a2d1912b1051b4347d51ff6410db1077d40c3cd21468d673acef023e3e1da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/07/15 3:14 a.m.12 views

MAL-2024-7753 Malicious code in jfrog-jfconfig-grpc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 177a2d1912b1051b4347d51ff6410db1077d40c3cd21468d673acef023e3e1da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Veeam
Veeam
added 2024/06/13 12:0 a.m.18 views

How to Configure an Air-Gapped Veeam Kasten for Kubernetes Deployment Using JFrog Artifactory

Purpose This article provides a step-by-step approach to configuring a JFrog Artifactory server and installing Veeam Kasten for Kubernetes. This allows for creating an air-gapped installation using a private container registry to install Veeam Kasten for Kubernetes. While this can always be done...

7.3AI score
Exploits0
OSV
OSV
added 2024/05/29 10:40 a.m.20 views

BIT-ARTIFACTORY-2024-2248

A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 SaaS and 7.84.7 Self-Hosted may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user email...

6.4CVSS6.5AI score0.00267EPSS
Exploits0References2
NVD
NVD
added 2024/05/15 1:15 p.m.12 views

CVE-2024-2248

A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 SaaS and 7.84.7 Self-Hosted may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user email...

6.4CVSS6.5AI score0.00267EPSS
Exploits0References1
CVE
CVE
added 2024/05/15 1:13 p.m.33 views

CVE-2024-2248

CVE-2024-2248 is a header injection vulnerability in JFrog Platform affecting versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted). The issue could let an attacker take over a user’s account when a victim clicks a specially crafted URL sent to their email. The CVSS v3.1 base score is 6.4 (Medium...

6.4CVSS6.5AI score0.00267EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/15 1:13 p.m.18 views

CVE-2024-2248 JFrog Artifactory Header Injection

A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 SaaS and 7.84.7 Self-Hosted may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user email...

6.4CVSS6.7AI score0.00267EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/15 1:13 p.m.14 views

CVE-2024-2248 JFrog Artifactory Header Injection

A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 SaaS and 7.84.7 Self-Hosted may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user email...

6.4CVSS7.1AI score0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/15 12:0 a.m.4 views

JFrog 输入验证错误漏洞

JFrog is an application from JFrog, Inc. provides you with an end-to-end pipeline to control the flow of binaries from build to production. An input validation error vulnerability exists in JFrog versions 7.85.0 SaaS and 7.84.7 Self-Hosted, which stems from a vulnerability that allows an attacker...

6.4CVSS6.6AI score0.00267EPSS
Exploits0References2
OSV
OSV
added 2024/05/03 7:16 a.m.26 views

BIT-ARTIFACTORY-2024-4142

An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with...

9CVSS9.2AI score0.00668EPSS
Exploits0References2
NVD
NVD
added 2024/05/01 9:15 p.m.11 views

CVE-2024-4142

An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with...

9CVSS9.2AI score0.00668EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/01 8:18 p.m.11 views

CVE-2024-4142 JFrog Artifactory Improper input validation within token creation flow

An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with...

9CVSS7.1AI score0.00668EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/01 8:18 p.m.45 views

CVE-2024-4142 JFrog Artifactory Improper input validation within token creation flow

An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with...

9CVSS9.4AI score0.00668EPSS
Exploits0References1
CVE
CVE
added 2024/05/01 8:18 p.m.88 views

CVE-2024-4142

CVE-2024-4142 describes an improper input validation vulnerability in JFrog Artifactory that can enable privilege escalation. Multiple connected sources confirm the issue arises from the token creation flow and allows users with low privileges to gain administrative access, potentially even when ...

9CVSS6.9AI score0.00668EPSS
Exploits0References1
NVD
NVD
added 2024/04/15 8:15 a.m.19 views

CVE-2024-3505

JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments...

4.3CVSS4.2AI score0.00413EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/15 7:42 a.m.18 views

CVE-2024-3505 JFrog Self-Hosted Artifactory Proxy configuration accessible to low-privilege users

JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments...

4.3CVSS6.1AI score0.00413EPSS
Exploits0References1
CVE
CVE
added 2024/04/15 7:42 a.m.68 views

CVE-2024-3505

CVE-2024-3505 affects JFrog Artifactory Self-Hosted: versions prior to 7.77.3 are vulnerable to information disclosure where a low-privileged authenticated user can read the proxy configuration. The issue does not impact JFrog cloud deployments. Remediation: upgrade to 7.77.3 or later (as stated ...

4.3CVSS6AI score0.00413EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/04/15 7:42 a.m.23 views

CVE-2024-3505 JFrog Self-Hosted Artifactory Proxy configuration accessible to low-privilege users

JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments...

4.3CVSS4.5AI score0.00413EPSS
Exploits0References1
Rows per page
Query Builder