CVE-2024-2248 MEDIUM

CVE-2024-2248: JFrog Artifactory Header Injection

Vendor Jfrog

Product Artifactory

Weakness CWE-20 · Input validation

Published May 15, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

6.4/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user email.

Key dates

02Disclosure timeline

May 15, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-2248 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2024-2248

CWE CWE-20

CVSS 6.4 / MEDIUM

Affected versions

Vendor Jfrog

Product Artifactory

Affected < 7.85.0

Vendor Jfrog

Product Artifactory

Affected < 7.84.7

CVE-2024-2248: JFrog Artifactory Header Injection

01Description

02Disclosure timeline

03References

04Related CVE