First published: Tue Oct 03 2023
JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can allow unauthenticated users to send emails with a manipulated email body.
Credit: reefs@jfrog.com
Affected Software | Affected Version | How to fix |
---|---|---|
JFrog Artifactory | >=7.0.0, <7.66.0 | |
The vulnerability ID is CVE-2023-42508.
The severity of CVE-2023-42508 is medium with a CVSS score of 6.5.
CVE-2023-42508 can allow unauthenticated users to send emails with a manipulated email body.
To fix CVE-2023-42508, upgrade JFrog Artifactory to version 7.66.0 or above.
You can find more information about CVE-2023-42508 in the JFrog Security Advisories at https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories.