JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration.
This does not affect JFrog cloud deployments.
References
Link | Resource |
---|---|
https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories | Vendor Advisory |
https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories | Vendor Advisory |
Configurations
History
01 Apr 2025, 13:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories - Vendor Advisory | |
CWE | NVD-CWE-noinfo | |
First Time |
Jfrog artifactory
Jfrog |
|
CPE | cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:* |
21 Nov 2024, 09:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories - |
15 Apr 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
15 Apr 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-15 08:15
Updated : 2025-04-01 13:59
NVD link : CVE-2024-3505
Mitre link : CVE-2024-3505
CVE.ORG link : CVE-2024-3505
JSON object : View
Products Affected
jfrog
- artifactory
CWE