| CVE ID | Severity | Date Published | Date Updated |
|---|---|---|---|
| CVE-2023-42662 | CRITICAL | 6 Mar 24 | 6 Mar 24 |
Description
JFrog Artifactory versions 7.59 and above, but below the fixed release of each branch (7.59.18, 7.63.18, 7.68.19, 7.71.8), are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens, due to improper handling of the CLI / IDE browser-based SSO integration.
Severity
CRITICAL
Affected Products
| Product | Affected Versions | Patched Versions |
|---|---|---|
| Artifactory | 7.59 and above, below 7.59.18, 7.63.18, 7.68.19, 7.71.8 | 7.59.18, 7.63.18, 7.68.19, 7.71.8 |
How to Fix
Cloud Environments: Affected Cloud environments have already been fortified with a fixed version. No action is required for cloud instances.
Self Hosted Environments: Update to one of the fixed versions (7.59.18, 7.63.18, 7.68.19 or 7.71.8).
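To check whether a self-hosted instance falls inside the affected range, the following Python is an added example that encodes the version boundaries stated in this advisory; it is not JFrog's own tooling. It assumes that releases newer than 7.71.8 (7.72 and later) carry the fix and that branches with no listed fix (for example 7.60 to 7.62) remain affected.

```python
"""Affected-version check for CVE-2023-42662 (JFrog Artifactory).

Affected: 7.59 and above, below the fixed release of the branch
(7.59.18, 7.63.18, 7.68.19, 7.71.8). Added example, not JFrog code.
"""
from typing import Tuple

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED_BY_BRANCH = {
    (7, 59): (7, 59, 18),
    (7, 63): (7, 63, 18),
    (7, 68): (7, 68, 19),
    (7, 71): (7, 71, 8),
}
FIRST_AFFECTED = (7, 59, 0)
LATEST_FIX = max(FIXED_BY_BRANCH.values())  # (7, 71, 8)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor[.patch]' into a comparable tuple.

    Tolerates a leading 'v' and a build suffix such as '7.63.17-1'.
    """
    core = text.strip().lstrip("v").split("-", 1)[0]
    parts = core.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def is_affected(version: str) -> bool:
    """Return True if the given Artifactory version is in the affected range."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False  # predates the vulnerable SSO integration handling
    fix = FIXED_BY_BRANCH.get(v[:2])
    if fix is not None:
        return v < fix  # a patched branch: fixed from its listed release onward
    # Assumption: branches without a listed fix (7.60 to 7.62, 7.64 to 7.67,
    # 7.69 to 7.70) stay affected; anything newer than 7.71.8 is fixed.
    return v < LATEST_FIX


if __name__ == "__main__":
    for sample in ("7.58.9", "7.59.0", "7.60.5", "7.63.17", "7.63.18", "7.72.0"):
        print(f"{sample:>8}: {'AFFECTED' if is_affected(sample) else 'not affected'}")
```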
Workarounds and Mitigations
Block access to the CLI token exchange API endpoint: https://Artifactory-Host/access/api/v2/authentication/jfrog_client_login/token/*
Weakness Type
CWE-287: Improper Authentication
Acknowledgements
N/A
We Are Here For Your Questions (JFrog Support Team)
If you have questions or concerns regarding this advisory, please raise a support request at the JFrog support portal.