PT-2024-26298 · JFrog · JFrog Artifactory

Published: 2024-04-15 · Updated: 2025-04-02 · CVE-2024-3505

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: JFrog Artifactory Self-Hosted versions prior to 7.77.3

Description: The issue allows a low-privileged authenticated user to disclose sensitive information by reading the proxy configuration. This does not affect JFrog cloud deployments.

Recommendations: For versions prior to 7.77.3, update to version 7.77.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the proxy configuration to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BIT-ARTIFACTORY-2024-3505
CVE-2024-3505

Affected Products

JFrog Artifactory