CVE-2023-42662

MEDIUM6.5EPSS 0.28%

Published: 3/31/2024Modified: 4/3/2025

Also known as:BIT-artifactory-2023-42662

Description

JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration.

Affected packages (1)

Bitnami/artifactory>= 7.59.0, < 7.59.18, >= 7.60.0, < 7.63.18, >= 7.64.0, < 7.68.19, >= 7.69.0, < 7.71.8

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References (2)

WEBhttps://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2023-42662