CVE-2023-42662

JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration.

CVSS v3 9.3 CRITICAL

9.3^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.8 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories	Vendor Advisory
https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:jfrog:artifactory::::::-::*
	cpe:2.3:a:jfrog:artifactory::::::-::*
	cpe:2.3:a:jfrog:artifactory::::::-::*
	cpe:2.3:a:jfrog:artifactory::::::-::*

History

11 Mar 2025, 16:40

Type	Values Removed	Values Added
CPE		cpe:2.3:a:jfrog:artifactory::::::-::*
First Time		Jfrog artifactory Jfrog
References	~~() https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories -~~	() https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories - Vendor Advisory

21 Nov 2024, 08:22

Type	Values Removed	Values Added
References	~~() https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories -~~	() https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories -
Summary		(es) Las versiones de JFrog Artifactory 7.59 y superiores, pero inferiores a 7.59.18, 7.63.18, 7.68.19, 7.71.8 son vulnerables a un problema por el cual la interacción del usuario con URL especialmente manipuladas podría provocar la exposición de los tokens de acceso del usuario debido a un manejo inadecuado del Integración SSO basada en navegador CLI/IDE.

07 Mar 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-07 09:15

Updated : 2025-03-11 16:40

NVD link : CVE-2023-42662

Mitre link : CVE-2023-42662

CVE.ORG link : CVE-2023-42662

JSON object : View

Products Affected

jfrog

artifactory

CWE

CWE-287

Improper Authentication

{"id": "CVE-2023-42662", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "reefs@jfrog.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-03-07T09:15:38.290", "references": [{"url": "https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories", "tags": ["Vendor Advisory"], "source": "reefs@jfrog.com"}, {"url": "https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "reefs@jfrog.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration.\n"}, {"lang": "es", "value": "Las versiones de JFrog Artifactory 7.59 y superiores, pero inferiores a 7.59.18, 7.63.18, 7.68.19, 7.71.8 son vulnerables a un problema por el cual la interacci\u00f3n del usuario con URL especialmente manipuladas podr\u00eda provocar la exposici\u00f3n de los tokens de acceso del usuario debido a un manejo inadecuado del Integraci\u00f3n SSO basada en navegador CLI/IDE."}], "lastModified": "2025-03-11T16:40:52.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:*", "vulnerable": true, "matchCriteriaId": "C24F3D9E-9364-4570-96ED-433AFFE5144C", "versionEndExcluding": "7.59.18", "versionStartIncluding": "7.59.0"}, {"criteria": "cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:*", "vulnerable": true, "matchCriteriaId": "A8B53DA3-129E-4030-AAEA-13DE15E2D99C", "versionEndExcluding": "7.63.18", "versionStartIncluding": "7.63.5"}, {"criteria": "cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:*", "vulnerable": true, "matchCriteriaId": "17B54888-01AA-45AC-BCA6-2AECBFE28CE2", "versionEndExcluding": "7.68.19", "versionStartIncluding": "7.68.7"}, {"criteria": "cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:*", "vulnerable": true, "matchCriteriaId": "D8B7666E-8012-403A-8D42-75BD4D82F16E", "versionEndExcluding": "7.71.8", "versionStartIncluding": "7.71.2"}], "operator": "OR"}]}], "sourceIdentifier": "reefs@jfrog.com"}