| CVE Identifier | Severity | CWE / Weakness Type | Date Published | Date Updated |
|---|---|---|---|---|
| | Medium | CWE-79 Improper Authentication | Jan 04, 2026 | Jan 04, 2026 |
Description
JFrog Artifactory versions later than 7.94.0 but prior to 7.117.10 (Enterprise+ and Enterprise X deployments only) are vulnerable to DOM-based cross-site scripting due to improper handling of the import validation mechanism.
Affected Products
| Product | Affected Version | Patched Version |
|---|---|---|
| Artifactory Cloud | Versions greater than 7.94.0 but less than 7.117.10 | 7.117.10 |
How to Fix
Cloud Environments: Affected Cloud environments have already been fortified. No action is required for cloud instances.
Self-Hosted Environments: Upgrade to version 7.117.10.
Workarounds and Mitigations
Users can block the Workers functionality:
- Block the `/ui/admin/workers/` path on the WAF
- Uninstall Workers
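
One way to check that the WAF block from the workaround is effective, as an added example that is not JFrog code: it scans access-log lines for requests to the Workers UI path that were not answered with 403, normalizing each path first so that encoded or differently cased forms are counted. The log layout, the sample lines and all function names are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

BLOCKED_PREFIX = "/ui/admin/workers"  # path named in the advisory's workaround
# Assumed layout: common/combined access log; adjust for your proxy or WAF.
LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Jan/2026:10:00:01 +0000] "GET /ui/admin/workers/ HTTP/1.1" 403 153',
    '203.0.113.7 - - [04/Jan/2026:10:00:05 +0000] "GET /ui/Admin//Workers/?x=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [04/Jan/2026:10:01:12 +0000] "GET /ui/admin/work%65rs/ HTTP/1.1" 200 5120',
    '203.0.113.9 - - [04/Jan/2026:10:02:00 +0000] "GET /ui/admin/workersx HTTP/1.1" 200 900',
    '198.51.100.4 - - [04/Jan/2026:10:03:00 +0000] "GET /ui/packages HTTP/1.1" 200 2048',
]

def normalize_path(target: str) -> str:
    """Reduce a request target to a canonical, case-folded path."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(3):  # decode repeatedly so double-encoded paths are reduced too
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = re.sub(r"/{2,}", "/", path.replace("\\", "/"))
    return posixpath.normpath(path).lower()

def is_workers_path(target: str) -> bool:
    """True if the target is the Workers UI path or anything beneath it."""
    path = normalize_path(target)
    return path == BLOCKED_PREFIX or path.startswith(BLOCKED_PREFIX + "/")

def unblocked_worker_requests(lines):
    """Return (line_no, target, status) for Workers UI requests not answered with 403."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = LINE_RE.search(line)
        if match and is_workers_path(match["target"]) and match["status"] != "403":
            findings.append((line_no, match["target"], int(match["status"])))
    return findings

if __name__ == "__main__":
    for finding in unblocked_worker_requests(SAMPLE_LOG):
        print("Workers UI request passed the WAF:", finding)
```

Any finding means the WAF rule matches on the raw request string rather than the normalized path, or that some traffic reaches Artifactory without passing through the WAF.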