JFrog Artifactory Product Security Update Advisory

Overview

 

We have released an update to address a vulnerability in JFrog Artifactory. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

JFrog Artifactory versions prior to 7.77.11 (except 7.55.17, 7.59.22, 7.63.21, 7.68.21, 7.71.21, and 7.77.11)

 

Resolved Vulnerabilities

 

Improper input validation vulnerability in JFrog Artifactory (CVE-2024-4142)

 

Vulnerability Patches

 

Patches for the vulnerability have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest patched version.

JFrog Artifactory versions 7.55.17, 7.59.22, 7.63.21, 7.68.21, 7.71.21, and 7.77.11

 

Referenced Sites

 

[1] CVE-2024-4142 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-4142

[2] CVE-2024-4142 – Improper Input Validation in Artifactory Token Creation Flow

https://jfrog.com/help/r/jfrog-release-information/cve-2024-4142-improper-input-validation-in-artifactory-token-creation-flow