CVE-2024-2248

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-2248
A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user email.

6.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories
https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories
Configurations

No configuration.

History

21 Nov 2024, 09:09

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de inyección de encabezado en la plataforma JFrog en versiones inferiores a 7.85.0 (SaaS) y 7.84.7 (autohospedado) puede permitir que actores de amenazas se apoderen de la cuenta del usuario final al hacer clic en una URL especialmente manipulada y enviada al correo electrónico del usuario de la víctima.
References () https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories - () https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories -

15 May 2024, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-15 13:15

Updated : 2024-11-21 09:09

NVD link : CVE-2024-2248

Mitre link : CVE-2024-2248

CVE.ORG link : CVE-2024-2248

JSON object : View

Products Affected

No product.

CWE
CWE-20

Improper Input Validation


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024