JFrog Product Security Update Advisory (CVE-2024-6915)

Overview
 

JFrog has released an update to fix vulnerabilities in their products. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-6915

  • JFrog Artifactory version: ~ 7.90.6 (excluded)
  • JFrog Artifactory version: ~ 7.84.20 (excluded)
  • JFrog Artifactory version: ~ 7.77.14 (excluded)
  • JFrog Artifactory version: ~ 7.71.23 (excluded)
  • JFrog Artifactory version: ~ 7.68.22 (excluded)
  • JFrog Artifactory version: ~ 7.63.22 (excluded)
  • JFrog Artifactory version: ~ 7.59.23 (excluded)
  • JFrog Artifactory version: ~ 7.55.18 (excluded)

     

 

Resolved Vulnerabilities

Improper input validation vulnerability in JFrog Artifactory that could potentially lead to cache poisoning (CVE-2024-6915)

 

 

Vulnerability Patches

The following Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-6915

  • JFrog Artifactory version: 7.90.6
  • JFrog Artifactory version: 7.84.20
  • JFrog Artifactory version: 7.77.14
  • JFrog Artifactory version: 7.71.23
  • JFrog Artifactory version: 7.68.22
  • JFrog Artifactory version: 7.63.22
  • JFrog Artifactory version: 7.59.23
  • JFrog Artifactory version: 7.55.18

     

Referenced Sites

[1] CVE-2024-6915 Detail

https://nvd.nist.gov/vuln/detail/cve-2024-6915

[2] JFrog Security Advisories

https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories

Article Link: JFrog Product Security Update Advisory (CVE-2024-6915) – ASEC