CVE ID | Severity | Date Published | Date Updated |
---|---|---|---|
CVE-2023-42509 | Medium | 7 Mar 24 | 7 Mar 24 |
Description
JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data.
Severity
Medium
CVSSv3.1 Base Score: 6.6 AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
Product | Affected Versions | Patched Versions |
---|---|---|
Artifactory (7.x) | 7.17.4 and later but prior to version 7.77.0 | |
Required Configurations for Exposure
This vulnerability affects all JFrog Artifactory deployments.
How to Fix
Cloud Environments: Affected Cloud environments have already been upgraded with a fixed version. No action is required for cloud instances.
Self Hosted Environments: To fix this issue, the following action is required.
Upgrade your version of Artifactory to one of the versions listed below:
Workarounds and Mitigations
No workarounds
Weakness Type
CWE-755: Improper Handling of Exceptional Conditions
Acknowledgements
This issue was discovered and reported by Matthias Kaiser from Apple Information Security.
We Are Here For Your Questions (JFrog Support Team)
If you have questions or concerns regarding this advisory, please raise a support request at the JFrog support portal.