CVE-2024-2247Cross-site Scripting in Artifactory

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
CNA8.8
EPSS
2.6%
top 14.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jfrog Artifactory
Timeline
PublishedMar 13

Description

JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5jfrog/artifactory< 7.77.7+1
NVDjfrog/artifactory7.77.7

🔴Vulnerability Details

2
CVEList
JFrog Artifactory Cross-Site Scripting2024-03-13
GHSA
GHSA-gqg8-h7gm-47hq: JFrog Artifactory versions below 72024-03-13
CVE-2024-2247 — Cross-site Scripting in Artifactory | cvebase