CVE-2024-4142

CRITICAL9.0EPSS 0.80%

Published: 5/3/2024Modified: 4/3/2025

Description

An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with anonymous access enabled.

Affected packages (1)

Bitnami/artifactoryfrom 0, < 7.55.17, >= 7.56.0, < 7.59.22, >= 7.60.0, < 7.63.21, >= 7.64.0, < 7.68.21, >= 7.69.0, < 7.71.21, >= 7.72.0, < 7.77.11, >= 7.78.0, < 7.84.6

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.0	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

References (2)

WEBhttps://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-4142