CVE-2023-42508: Input Validation
First published: Tue Oct 03 2023(Updated: )
JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body.
Credit: reefs@jfrog.com reefs@jfrog.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jfrog Artifactory | >=7.0.0<7.66.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this JFrog Artifactory vulnerability?
The vulnerability ID is CVE-2023-42508.
What is the severity of CVE-2023-42508?
The severity of CVE-2023-42508 is medium with a CVSS score of 6.5.
What is the impact of CVE-2023-42508?
CVE-2023-42508 can allow unauthenticated users to send emails with manipulated email body.
How can I fix the CVE-2023-42508 vulnerability?
To fix CVE-2023-42508, upgrade JFrog Artifactory to version 7.66.0 or above.
Where can I find more information about CVE-2023-42508?
You can find more information about CVE-2023-42508 in the JFrog Security Advisories at https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories.
- collector/nvd-api
- collector/nvd-index
- agent/tags
- agent/event
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/jfrog
- canonical/jfrog artifactory
- version/jfrog artifactory/7.0.0