CVE-2023-42662
JFrog Artifactory Improper SSO Mechanism may lead to Exposure of Access Tokens
Severity Score
9.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration.
Las versiones de JFrog Artifactory 7.59 y superiores, pero inferiores a 7.59.18, 7.63.18, 7.68.19, 7.71.8 son vulnerables a un problema por el cual la interacción del usuario con URL especialmente manipuladas podría provocar la exposición de los tokens de acceso del usuario debido a un manejo inadecuado del Integración SSO basada en navegador CLI/IDE.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-09-12 CVE Reserved
- 2024-03-07 CVE Published
- 2024-03-08 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
- CAPEC-114: Authentication Abuse
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| JFrog Search vendor "JFrog" | Artifactory Search vendor "JFrog" for product "Artifactory" | >= 7.59.0 < 7.59.18 Search vendor "JFrog" for product "Artifactory" and version " >= 7.59.0 < 7.59.18" | en |
Affected
| ||||||
| JFrog Search vendor "JFrog" | Artifactory Search vendor "JFrog" for product "Artifactory" | >= 7.59.0 < 7.63.18 Search vendor "JFrog" for product "Artifactory" and version " >= 7.59.0 < 7.63.18" | en |
Affected
| ||||||
| JFrog Search vendor "JFrog" | Artifactory Search vendor "JFrog" for product "Artifactory" | >= 7.59.0 < 7.68.19 Search vendor "JFrog" for product "Artifactory" and version " >= 7.59.0 < 7.68.19" | en |
Affected
| ||||||
| JFrog Search vendor "JFrog" | Artifactory Search vendor "JFrog" for product "Artifactory" | >= 7.59.0 < 7.71.8 Search vendor "JFrog" for product "Artifactory" and version " >= 7.59.0 < 7.71.8" | en |
Affected
| ||||||