Lucene search
HistoryOct 03, 2023 - 1:15 p.m.
CVE-2023-42508
jfrog artifactory
version 7.66.0
specific endpoint abuse
crafted payload
unauthenticated users
manipulated email body
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
24.5%
JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body.
Affected configurations
Node
jfrogartifactoryRange7.0.0–7.66.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| jfrog | artifactory | * | cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
osv
osv
BIT-artifactory-2023-42508
2024-03-06 10:50:38
cve
cve
CVE-2023-42508
2023-10-03 13:15:11
prion
prion
Code injection
2023-10-03 13:15:00
vulnrichment
vulnrichment
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
24.5%
Related for NVD:CVE-2023-42508