Overview
- Description
- A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user email.
- Source
- reefs@jfrog.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 6.4
- Impact score
- 4.7
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
- Severity
- MEDIUM
Weaknesses
- reefs@jfrog.com
- CWE-20
Social media
- Hype score
- Not currently trending