CVE-2024-4142

CRITICAL9.0EPSS 0.80%

發布日:2024/5/3修改日:2025/4/3

也稱為:BIT-artifactory-2024-4142

描述

An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with anonymous access enabled.

受影響套件(1)

Bitnami/artifactoryfrom 0, < 7.55.17, >= 7.56.0, < 7.59.22, >= 7.60.0, < 7.63.21, >= 7.64.0, < 7.68.21, >= 7.69.0, < 7.71.21, >= 7.72.0, < 7.77.11, >= 7.78.0, < 7.84.6

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.0	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

參考連結(2)

WEBhttps://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-4142