CVE-2018-1000206
Summary
| CVE | CVE-2018-1000206 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-13 18:29:00 UTC |
| Updated | 2019-06-03 18:52:00 UTC |
| Description | JFrog Artifactory versions since 5.11 contain a Cross Site Request Forgery (CSRF) vulnerability in UI REST endpoints that can result in a classic CSRF attack, allowing an attacker to perform actions as the logged-in user. This attack appears to be exploitable when the victim runs a maliciously crafted Flash component. This vulnerability appears to have been fixed in 6.1. |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Jfrog | Artifactory | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Exploiting JSON Cross Site Request Forgery (CSRF) using Flash \| Geekboy \| Security Researcher | MISC | www.geekboy.ninja | Exploit, Third Party Advisory |
| Release Notes - JFrog JIRA | CONFIRM | www.jfrog.com | Release Notes, Vendor Advisory |
| [RTFACT-17004] CSRF vulnerability with flash redirect - JFrog JIRA | CONFIRM | www.jfrog.com | Issue Tracking, Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.