CVE-2024-6915

Summary

JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning.

Affected Software

VendorProductVersion RangeStatus
JFrogArtifactory0 < 7.90.6affected
JFrogArtifactory0 < 7.84.20affected
JFrogArtifactory0 < 7.77.14affected
JFrogArtifactory0 < 7.71.23affected
JFrogArtifactory0 < 7.68.22affected
JFrogArtifactory0 < 7.63.22affected
JFrogArtifactory0 < 7.59.23affected
JFrogArtifactory0 < 7.55.18affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References