9.3

CVE-2023-42662

EPSS 0.48%
Veröffentlicht 07.03.2024 09:15:38
Zuletzt bearbeitet 11.03.2025 16:40:52
Quelle reefs@jfrog.com
CVE-Watchlists
Login
Unerledigt
Login

JFrog Artifactory Improper SSO Mechanism may lead to Exposure of Access Tokens

JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 4 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jfrog ≫ Artifactory SwPlatform- Version >= 7.59.0 < 7.59.18

Jfrog ≫ Artifactory SwPlatform- Version >= 7.63.5 < 7.63.18

Jfrog ≫ Artifactory SwPlatform- Version >= 7.68.7 < 7.68.19

Jfrog ≫ Artifactory SwPlatform- Version >= 7.71.2 < 7.71.8

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.48%	0.373

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
reefs@jfrog.com	9.3	2.8	5.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-42662

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-42662

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-42662

EUVD