CVE-2024-4142

An Improper input validation vulnerability that could potentially lead to privilege escalationwas discovered in JFrog Artifactory.

Due to this vulnerability, users with low privileges may gain administrative access to the system.

This issue can also be exploited in Artifactory platforms with anonymous access enabled.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 CRITICAL
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
JFROGCNA
9 CRITICAL
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Common Weakness Enumeration
References
https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories
https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories