Lucene search

JFROGVULNRICHMENT:CVE-2023-42509

HistoryMar 07, 2024 - 2:07 p.m.

CVE-2023-42509 JFrog Artifactory Sensitive Data Leakage in Repository configuration process

2024-03-0714:07:09

CWE-755

JFROG

github.com

cve-2023-42509

jfrog artifactory

sensitive data leakage

repository configuration

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:*:*:*"
    ],
    "vendor": "jfrog",
    "product": "artifactory",
    "versions": [
      {
        "status": "affected",
        "version": "7.17.4",
        "lessThan": "7.77.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-42509