Products
JFrog Artifactory
Source
reefs@jfrog.com
Tags
CVE-2024-4142 details
Published : May 1, 2024, 9:15 p.m.
Last Modified : May 1, 2024, 9:15 p.m.
Last Modified : May 1, 2024, 9:15 p.m.
Description
An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with anonymous access enabled.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9.0 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.0
Exploitability Score
Impact Score
Base Severity
CRITICAL
Vector String : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
References
URL | Source |
---|---|
https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories | reefs@jfrog.com |
This website uses the NVD API, but is not approved or certified by it.