CVE-2024-2247: JFrog Artifactory Cross-Site Scripting

JFrog Release Information


CVE ID: CVE-2024-2247
Severity: High
Date Published: 03/13/2024
Date Updated: 03/13/2024

Description

JFrog Artifactory prior to version 7.77.7 is vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism.

Severity

High

Affected Products

Product: Artifactory Self-Hosted
Affected Version: <= 7.77.6
Patched Version: 7.77.7

How to Fix

  • Cloud Environments: JFrog cloud environments are protected. No action is required for cloud instances.

  • Self-Hosted Environments: Update to version 7.77.7.

Workarounds and Mitigations

Customers can block the import of the vulnerable script by the browser, using a WAF / reverse proxy rule that blocks requests to the following HTTP path: /ui/externals/import-map-overrides/dist/import-map-overrides.js
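The reverse proxy rule described above, written for nginx as an added example (it is not part of the JFrog advisory). The upstream address artifactory.internal:8082 and the hostname artifactory.example.com are placeholders; substitute your own.

```nginx
# Added example (not from the JFrog advisory): nginx reverse-proxy rule that
# refuses to serve the vulnerable import-map-overrides script to browsers.
# Assumed: Artifactory listens on artifactory.internal:8082 behind this proxy,
# and artifactory.example.com is the public hostname (both placeholders).
server {
    listen 443 ssl;
    server_name artifactory.example.com;
    # TLS certificate and key directives omitted (site-specific)

    # Exact-match location for the path named in the advisory. nginx prefers an
    # exact match over any prefix location, so this is evaluated before the
    # catch-all proxy below. The query string is not part of the match, so
    # cache-busting variants such as ?v=... are blocked as well.
    location = /ui/externals/import-map-overrides/dist/import-map-overrides.js {
        return 403;
    }

    # Everything else is forwarded to Artifactory unchanged.
    location / {
        proxy_pass http://artifactory.internal:8082;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

After reloading nginx, confirm with curl that the blocked path returns 403 while the rest of the UI still loads; the rule is a stopgap until the instance is upgraded to 7.77.7.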

Weakness Type

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Acknowledgements

Reported by CaTz.

We are here for your Questions (JFrog Support Team)

If you have questions or concerns regarding this advisory, please raise a support request at the JFrog Support portal.