CVE-2023-42509 MEDIUM

CVE-2023-42509: JFrog Artifactory Sensitive Data Leakage in Repository configuration process

Vendor JFrog
Product Artifactory
Weakness CWE-755
Published March 7, 2024
Last update August 2, 2024

CVSS base score

6.6/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data.

Key dates

02 Disclosure timeline

March 7, 2024 CVE published
August 2, 2024 Record updated