CVE ID | Severity | CWE / Weakness Type | Date Published | Date Updated |
---|---|---|---|---|
CVE-2024-4142 | Critical | CWE-20 Improper Input Validation | 1 May 24 |
Description
An improper input validation vulnerability was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system, potentially leading to privilege escalation.
This issue can also be exploited in Artifactory platforms with anonymous access enabled.
Affected Products
Product | Affected Version | Patched Versions |
---|---|---|
Artifactory Self-Hosted | <7.55.17, <7.59.22, <7.63.21, <7.68.21, <7.71.21, <7.77.11 | 7.55.17, 7.59.22, 7.63.21, 7.68.21, 7.71.21, 7.77.11 |
Artifactory Cloud | <7.84.6 | 7.84.6 |
How to Fix
Cloud environments: No action is required; the affected environments have already been protected.
Self-Hosted environments: Update to one of the patched versions listed above.
To apply the security fix, you must upgrade your version of JFrog Artifactory to one of the remediating versions.
To download and install remediating versions, click here. Please ensure that you select the correct patch for your current installation from the Product Version drop-down list.
For further details on how to upgrade to any of the remediating versions from your current installation, please refer to the JFrog Artifactory Upgrade Guide.
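To triage a fleet of Self-Hosted instances against the table above, the following added example (not JFrog code) classifies a version string and names the nearest listed patched release. It assumes the table is read per release line, that versions on unlisted lines below 7.77 are affected, and that release lines newer than 7.77 include the fix; the host names and versions in the sample inventory are constructed.

```python
import re

# Patched Self-Hosted releases, copied from the Affected Products table.
PATCHED = [(7, 55, 17), (7, 59, 22), (7, 63, 21),
           (7, 68, 21), (7, 71, 21), (7, 77, 11)]


def parse(version):
    """Parse 'major.minor.patch' strictly; reject anything else rather than guess."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.groups())


def triage(version):
    """Return (status, upgrade_target) for a Self-Hosted version.

    status is 'patched' or 'affected'. upgrade_target is the lowest listed
    patched release above the installed version, or None when patched.
    """
    v = parse(version)
    for fix in PATCHED:
        if v[:2] == fix[:2]:  # same release line as a listed fix
            if v >= fix:
                return ("patched", None)
            return ("affected", ".".join(map(str, fix)))
    if v > PATCHED[-1]:
        # Assumption: release lines newer than 7.77 already carry the fix.
        return ("patched", None)
    # Assumption: an older line with no listed fix is affected, so the
    # target is the next listed patched release above it.
    target = next(fix for fix in PATCHED if fix > v)
    return ("affected", ".".join(map(str, target)))


def report(inventory):
    """Map {host: version} to a sorted list of (host, version, status, target)."""
    return [(host, ver, *triage(ver)) for host, ver in sorted(inventory.items())]


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"art-prod": "7.59.21", "art-dr": "7.60.5", "art-dev": "7.77.11"}
    for row in report(sample):
        print(row)
```

A version string that is not plain `major.minor.patch` raises `ValueError`, so such a host fails the check visibly instead of being silently classified.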
Acknowledgements
This issue was discovered and reported by Matthias Kaiser of Apple Information Security.