CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-6915 – JFrog Artifactory Cache Poisoning
https://notcve.org/view.php?id=CVE-2024-6915
JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning. • https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2248 – JFrog Artifactory Header Injection
https://notcve.org/view.php?id=CVE-2024-2248
A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user email. Una vulnerabilidad de inyección de encabezado en la plataforma JFrog en versiones inferiores a 7.85.0 (SaaS) y 7.84.7 (autohospedado) puede permitir que actores de amenazas se apoderen de la cuenta del usuario final al hacer clic en una URL especialmente manipulada y enviada al correo electrónico del usuario de la víctima. • https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-4142 – JFrog Artifactory Improper input validation within token creation flow
https://notcve.org/view.php?id=CVE-2024-4142
An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with anonymous access enabled. Se descubrió en JFrog Artifactory una vulnerabilidad de validación de entrada incorrecta que podría conducir a una escalada de privilegios. Debido a esta vulnerabilidad, los usuarios con privilegios bajos pueden obtener acceso administrativo al sistema. Este problema también se puede aprovechar en plataformas Artifactory con acceso anónimo habilitado. • https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2247 – JFrog Artifactory Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-2247
JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism. Las versiones de JFrog Artifactory inferiores a 7.77.7 son vulnerables a Cross Site Scripting basadas en DOM debido a un manejo inadecuado del mecanismo de anulación de importación. • https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42661 – JFrog Artifactory Improper input validation leads to arbitrary file write
https://notcve.org/view.php?id=CVE-2023-42661
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts. JFrog Artifactory anterior a la versión 7.76.2 es vulnerable a la escritura arbitraria de archivos de datos que no son de confianza, lo que puede provocar DoS o ejecución remota de código cuando un usuario autenticado envía una serie de solicitudes especialmente manipuladas. Esto se debe a una validación insuficiente de los artefactos. • https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories • CWE-20: Improper Input Validation •