CVE-2023-42661

EUVD-2023-47094
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
jfrogartifactory
𝑥
< 7.76.2
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
jfrogartifactory
𝑥
< 7.76.2
ADP
Common Weakness Enumeration
References
https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories
https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories