CVE-2024-4142

EUVD-2024-32702
An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory.

Due to this vulnerability, users with low privileges may gain administrative access to the system.

This issue can also be exploited in Artifactory platforms with anonymous access enabled.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
JFROGCNA
9 CRITICAL
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
jfrogartifactory
𝑥
< 7.84.6
CNA
jfrogartifactory
𝑥
< 7.77.11
CNA
jfrogartifactory
𝑥
< 7.71.21
CNA
jfrogartifactory
𝑥
< 7.68.21
CNA
jfrogartifactory
𝑥
< 7.63.21
CNA
jfrogartifactory
𝑥
< 7.59.22
CNA
jfrogartifactory
𝑥
< 7.55.17
CNA
Common Weakness Enumeration
References
https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories
https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories