JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration.
References
Link | Resource |
---|---|
https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories | Vendor Advisory |
https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
11 Mar 2025, 16:40
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:* | |
First Time |
Jfrog artifactory
Jfrog |
|
References | () https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories - Vendor Advisory |
21 Nov 2024, 08:22
Type | Values Removed | Values Added |
---|---|---|
References | () https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories - | |
Summary |
|
07 Mar 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-07 09:15
Updated : 2025-03-11 16:40
NVD link : CVE-2023-42662
Mitre link : CVE-2023-42662
CVE.ORG link : CVE-2023-42662
JSON object : View
Products Affected
jfrog
- artifactory
CWE
CWE-287
Improper Authentication