CVE-2018-1000206
N/A
N/A
Summary
JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/
- https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19581
- https://www.jfrog.com/jira/browse/RTFACT-17004
References
- https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/
- https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19581
- https://www.jfrog.com/jira/browse/RTFACT-17004
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.