CVE-2023-42662

Summary

JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration.

Affected Software

VendorProductVersion RangeStatus
JFrogArtifactory7.59 < 7.59.18affected
JFrogArtifactory7.59 < 7.63.18affected
JFrogArtifactory7.59 < 7.68.19affected
JFrogArtifactory7.59 < 7.71.8affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References