BIT-artifactory-2023-42662

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/artifactory/BIT-artifactory-2023-42662.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-artifactory-2023-42662

Aliases

CVE-2023-42662

Published

2024-03-31T18:16:51.940Z

Modified

2025-04-03T14:40:37.652Z

Summary

[none]

Details

JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration.

Database specific

{
    "cpes": [
        "cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / artifactory

Package

Name: artifactory
Purl: pkg:bitnami/artifactory

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

7.59.0

Fixed

7.59.18

Introduced

7.60.0

Fixed

7.63.18

Introduced

7.64.0

Fixed

7.68.19

Introduced

7.69.0

Fixed

7.71.8