CVE-2023-42662 CRITICAL

CVE-2023-42662: JFrog Artifactory Improper SSO Mechanism may lead to Exposure of Access Tokens

Vendor JFrog
Product Artifactory
Weakness CWE-287 · Improper authentication
Published March 7, 2024
Last update August 2, 2024

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01 Description

JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, and 7.71.8, are vulnerable to an issue in which user interaction with specially crafted URLs could lead to exposure of user access tokens, due to improper handling of the CLI/IDE browser-based SSO integration.

Key dates

02 Disclosure timeline

March 7, 2024 CVE published
August 2, 2024 Record updated