CVE-2023-42662

CVSS 3.1 Score 9.3 of 10 (high)

Details

Published Mar 7, 2024
CWE ID 287

Summary

CVE-2023-42662 is a vulnerability affecting JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, and 7.71.8. A user who interacts with a maliciously crafted URL can potentially have their access token exposed. The vulnerability arises from improper handling of the CLI / IDE browser-based Single Sign-On (SSO) integration in these Artifactory versions. Successful exploitation requires no authentication and could grant unauthorized access to affected systems. Users are urged to upgrade to the patched versions to mitigate this risk.
