CVE-2024-4142

Summary

An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory.

Due to this vulnerability, users with low privileges may gain administrative access to the system.

This issue can also be exploited in Artifactory platforms with anonymous access enabled.

Affected Software

VendorProductVersion RangeStatus
JFrogArtifactory0 < 7.84.6affected
JFrogArtifactory0 < 7.77.11affected
JFrogArtifactory0 < 7.71.21affected
JFrogArtifactory0 < 7.68.21affected
JFrogArtifactory0 < 7.63.21affected
JFrogArtifactory0 < 7.59.22affected
JFrogArtifactory0 < 7.55.17affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References