CVE-2024-6915: 
Artifactory vulnerability analysis and mitigation

JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, and 7.55.18 are affected by an improper input validation vulnerability (CVE-2024-6915) that could potentially lead to cache poisoning. The vulnerability was discovered on July 29, 2024, and was fixed with the release of version 7.90.6 on August 5, 2024. This security issue specifically affects Artifactory instances that have at least one proxy repository configured (GitHub Lab).

The vulnerability has been classified as CWE-20 (Improper Input Validation) and received a CVSS v3.1 base score of 9.3 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L. The technical implementation involves improper input validation that could lead to cache poisoning in the affected versions (NVD).

The vulnerability enables cache poisoning attacks against JFrog Artifactory installations. This affects the integrity and availability of artifacts stored in proxy repositories, potentially compromising the software supply chain security (GitHub Lab).

Users are strongly advised to upgrade to JFrog Artifactory version 7.90.6 or later versions (7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18) which contain the security fix for this vulnerability (NVD).