CVE-2024-3505

JFrog Artifactory Self-Hosted versions below 7.77.3 are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments.

Configurations

Configuration 1

cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:*

History

01 Apr 2025, 13:59

Type Values Removed Values Added
References () https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories - () https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories - Vendor Advisory
CWE NVD-CWE-noinfo
First Time Jfrog artifactory
Jfrog
CPE cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:*

21 Nov 2024, 09:29

Type Values Removed Values Added
References () https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories - () https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories -

15 Apr 2024, 13:15

Type Values Removed Values Added
Summary
  • (es) JFrog Artifactory Self-Hosted versions below 7.77.3 are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments.

15 Apr 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-15 08:15

Updated : 2025-04-01 13:59


NVD link : CVE-2024-3505

Mitre link : CVE-2024-3505

CVE.ORG link : CVE-2024-3505


Products Affected

jfrog

  • artifactory

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo