Categories
Brand

Jfrog Artifactory Flaw Let Attackers Poison Artifact Caches

الثلاثاء، 6 أغسطس 2024

This flaw, categorized under CWE-20 (Improper Input Validation), allows attackers to poison artifact caches, potentially leading to severe security breaches.

CVE-2024-6915: Cache Poisoning

The vulnerability has been marked as ‘Critical’ and was published and updated on August 5, 2024. The flaw affects multiple versions of JFrog Artifactory, specifically those below versions 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, and 7.55.18.

Affected Products

The following table outlines the affected versions and their corresponding patched versions:

ProductAffected VersionPatched Version
Artifactory< 7.90.67.90.6
Artifactory< 7.84.207.84.20
Artifactory< 7.77.147.77.14
Artifactory< 7.71.237.71.23
Artifactory< 7.68.227.68.22
Artifactory< 7.63.227.63.22
Artifactory< 7.59.237.59.23
Artifactory< 7.55.187.55.18

 

Cloud environments have already been updated with the necessary security controls, requiring no user action. However, cloud customers with hybrid deployments must upgrade their on-premise Edge instances.

To mitigate the risk, it is recommended to disable anonymous access or remove Deploy/Cache permissions for remote repositories for the Anonymous account.

Leave your comment
*
*