JFrog Artifactory vulnerable to DOM-based cross-site scripting
CVE-2024-2247

6.1MEDIUM

Key Information:

Vendor: Jfrog
Status: Artifactory
Vendor: CVE Published:; 13 March 2024

What is CVE-2024-2247?

A critical vulnerability exists in JFrog Artifactory that enables attackers to exploit DOM-based cross-site scripting due to improper handling of the import override mechanism. This flaw affects versions prior to 7.77.7 and 7.82.1, allowing potential attackers to execute malicious scripts within the application's context. Users of impacted versions are strongly advised to apply the necessary updates or mitigations to protect against arbitrary script execution and the associated risks.

Affected Version(s)

Artifactory 0 < 7.77.7

Artifactory 0 < 7.82.1

References

https://jfrog.com/help/r/jfrog-release-information/jfrog-...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2024
Vulnerability Reserved
Mar 7, 2024

Jfrog

What is CVE-2024-2247?

Affected Version(s)

References

CVSS V3.1

Timeline