Vulnerability CVE-2018-1000206
Published: 2018-07-13

Description:
JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.

Type:

CWE-352

 (Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Jfrog -> Artifactory 

 References:
https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/
https://www.jfrog.com/jira/browse/RTFACT-17004
https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19581
Copyright 2024, cxsecurity.com

 

Back to Top