CVE-2023-42662
6.5
MEDIUM
CVSS 3.1
EPSS 0.28%
Description
JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration.
How to fix CVE-2023-42662
To remediate CVE-2023-42662, upgrade the affected package to a fixed version below.
- Bitnami/artifactory—upgrade to 7.59.18 or later
Is CVE-2023-42662 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 7.59.0, < 7.59.18, >= 7.60.0, < 7.63.18, >= 7.64.0, < 7.68.19, >= 7.69.0, < 7.71.8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |