Description

JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments.

Remediation

References

CVE-2024-3505

Related Vulnerabilities

Apache HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2003-1418)

Python Unchecked Return Value Vulnerability (CVE-2021-4189)

PrestaShop Files or Directories Accessible to External Parties Vulnerability (CVE-2020-5250)

PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2013-6358)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1044)

Severity

Medium

Classification

CVE-2024-3505 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities