Overview
JFrog has released an update to fix vulnerabilities in their products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-6915
- JFrog Artifactory versions: up to 7.90.6 (excluded)
- JFrog Artifactory versions: up to 7.84.20 (excluded)
- JFrog Artifactory versions: up to 7.77.14 (excluded)
- JFrog Artifactory versions: up to 7.71.23 (excluded)
- JFrog Artifactory versions: up to 7.68.22 (excluded)
- JFrog Artifactory versions: up to 7.63.22 (excluded)
- JFrog Artifactory versions: up to 7.59.23 (excluded)
- JFrog Artifactory versions: up to 7.55.18 (excluded)
Resolved Vulnerabilities
Improper input validation vulnerability in JFrog Artifactory that could potentially lead to cache poisoning (CVE-2024-6915)
Vulnerability Patches
The following vulnerability patches have been made available in the latest update. Please follow the instructions on the referenced sites to update to the latest patched version.
CVE-2024-6915
- JFrog Artifactory version: 7.90.6
- JFrog Artifactory version: 7.84.20
- JFrog Artifactory version: 7.77.14
- JFrog Artifactory version: 7.71.23
- JFrog Artifactory version: 7.68.22
- JFrog Artifactory version: 7.63.22
- JFrog Artifactory version: 7.59.23
- JFrog Artifactory version: 7.55.18
Referenced Sites
[1] CVE-2024-6915 Detail
https://nvd.nist.gov/vuln/detail/cve-2024-6915
[2] JFrog Security Advisories
https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories
Article Link: JFrog Product Security Update Advisory (CVE-2024-6915) – ASEC