Open SiddharamAlagi opened 3 days ago
We are awaiting your response.
Hi @SiddharamAlagi
The vulnerability CVE-2023-44487 is under "CVEs Not Impacting Artifactory", and CVE-2023-4911 is fixed in releases later than 7.68.21, so please perform a staged upgrade on a non-production environment (as a best practice) and, after post-upgrade verification, roll out to production environments with the 7.98 series.
We are currently using JFrog Artifactory version 7.68.21 and have identified the following vulnerabilities:
CVE-2023-44487 - This vulnerability has been reported in our environment as a potential security issue.
CVE-2023-4911 - This vulnerability is also being flagged in our current version.

We would like to confirm if these issues have been fixed in newer versions and request guidance on how we can safely upgrade to a version where these vulnerabilities are resolved. Based on our research, we believe that 7.98.8 or later should address these vulnerabilities, but would appreciate your confirmation.
Impact: As these vulnerabilities pose security risks, we need to take immediate action to ensure our environment is secure. Please provide the appropriate guidance for remediation.
Current Version:
Artifactory version: 7.68.21

Requested Action:
Confirmation if upgrading to version 7.98.8 will resolve the issues.
Any other necessary steps for patching these vulnerabilities.

Additional Information:
If there are specific patches or versions that address these vulnerabilities, kindly share the details.
Thank you for your assistance.