CVE-2024-3505 MEDIUM

CVE-2024-3505: JFrog Self-Hosted Artifactory Proxy configuration accessible to low-privilege users

Vendor Jfrog

Product Artifactory Self-Hosted

Weakness CWE-200 · Info exposure

Published April 15, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments.

Key dates

02Disclosure timeline

April 15, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-3505 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

CVE-2024-3505: JFrog Self-Hosted Artifactory Proxy configuration accessible to low-privilege users

01Description

02Disclosure timeline

03References

04Related CVE