JFrog Artifactory Flaw Lets Attackers Poison Artifact Caches

by Esmeralda McKenzie

A severe vulnerability identified as CVE-2024-6915 has been discovered in JFrog Artifactory, a widely used repository manager.

This flaw, classified under CWE-20 (Improper Input Validation), allows attackers to poison artifact caches, potentially leading to severe security breaches.

CVE-2024-6915: Cache Poisoning

The vulnerability has been rated ‘Critical’ and was published and updated on August 5, 2024. The flaw affects multiple versions of JFrog Artifactory, specifically those below versions 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, and 7.55.18.

Affected Products

The following table outlines the affected versions and their corresponding patched versions:

Product       Affected Version   Patched Version
Artifactory   < 7.90.6           7.90.6
Artifactory   < 7.84.20          7.84.20
Artifactory   < 7.77.14          7.77.14
Artifactory   < 7.71.23          7.71.23
Artifactory   < 7.68.22          7.68.22
Artifactory   < 7.63.22          7.63.22
Artifactory   < 7.59.23          7.59.23
Artifactory   < 7.55.18          7.55.18

Cloud environments have already been updated with the necessary security controls, requiring no user action. However, cloud customers with hybrid deployments need to upgrade their on-premise Edge instances.
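
For teams checking self-hosted or Edge instances against the table above, the following added example (not from JFrog or the original article) classifies a version string as affected or fixed. It assumes each table row is the fixed release for its own major.minor branch; the hostnames and versions in the inventory are constructed.

```python
# Added example: classify Artifactory versions against the fixed releases
# listed in the advisory table. INVENTORY entries are constructed samples.

# Fixed releases from the table, one per listed 7.x branch.
FIXED = ["7.90.6", "7.84.20", "7.77.14", "7.71.23",
         "7.68.22", "7.63.22", "7.59.23", "7.55.18"]


def parse(version):
    """Turn '7.84.20' into (7, 84, 20); reject anything else."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version string: {version!r}")
    return tuple(int(p) for p in parts)


FIXED_BY_BRANCH = {parse(v)[:2]: parse(v) for v in FIXED}
NEWEST_FIX = max(FIXED_BY_BRANCH.values())


def is_affected(version):
    """Assumption: a listed branch is fixed from its own row onward; a
    version on an unlisted branch is fixed only at or above 7.90.6."""
    v = parse(version)
    fix = FIXED_BY_BRANCH.get(v[:2])
    if fix is not None:
        return v < fix
    return v < NEWEST_FIX


def upgrade_target(version):
    """Return the release to move to, or None if already fixed."""
    if not is_affected(version):
        return None
    fix = FIXED_BY_BRANCH.get(parse(version)[:2], NEWEST_FIX)
    return ".".join(map(str, fix))


# Constructed inventory of self-hosted instances (not real hosts).
INVENTORY = {
    "edge-eu.example.internal": "7.84.19",
    "edge-us.example.internal": "7.84.20",
    "build-cache.example.internal": "7.80.3",
    "main.example.internal": "7.91.0",
}

if __name__ == "__main__":
    for host, ver in INVENTORY.items():
        target = upgrade_target(ver)
        print(f"{host:32} {ver:10} {'upgrade to ' + target if target else 'fixed'}")
```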

To mitigate the risk, it is recommended to disable anonymous access or remove Deploy/Cache permissions for remote repositories for the Anonymous account.

Michael Stepankin (artsploit) from the GitHub Security Lab discovered and reported this severe issue. Stay tuned for more updates on this developing story.

Source credit : cybersecuritynews.com
