CVE-2018-1000206

Published: Jul 13, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.

Affected (1)

Products: Jfrog: Artifactory

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jfrog Artifactory	From 5.11.0 to 6.1.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.jfrog.com/jira/browse/RTFACT-17004

Source: cve@mitre.org

Issue TrackingPatchVendor Advisory

https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19581

Source: cve@mitre.org

Release NotesVendor Advisory

https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.jfrog.com/jira/browse/RTFACT-17004

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19581

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.