CVE-2023-42508

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 3, 2023

Updated: Oct 5, 2023

CWE ID 20

Summary

CVE-2023-42508 is a vulnerability affecting JFrog Artifactory before version 7.66.0. An attacker can exploit this issue by abusing specific endpoints with a carefully crafted payload, resulting in unauthenticated users gaining the ability to send emails from the system with manipulated email bodies. This poses a significant risk for email phishing attacks and other forms of email-based attacks. Organizations using Artifactory are strongly advised to update to the patched version to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

JFROG artifactory
Artifactory

Affected Vendors

JFrog Ltd

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sp678h
https://www.cve.org/CVERecord?id=CVE-2023-42508
https://nvd.nist.gov/vuln/detail/CVE-2023-42508

Back to Vulnerability Database