Vulnerability Description
JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jfrog | Artifactory | >= 5.11.0, < 6.1.0 |
Related Weaknesses (CWE)
References
- https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-uExploitThird Party Advisory
- https://www.jfrog.com/jira/browse/RTFACT-17004Issue TrackingPatchVendor Advisory
- https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19581Release NotesVendor Advisory
- https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-uExploitThird Party Advisory
- https://www.jfrog.com/jira/browse/RTFACT-17004Issue TrackingPatchVendor Advisory
- https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19581Release NotesVendor Advisory
FAQ
What is CVE-2018-1000206?
CVE-2018-1000206 is a vulnerability with a CVSS score of 8.8 (HIGH). JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as lo...
How severe is CVE-2018-1000206?
CVE-2018-1000206 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000206?
Check the references section above for vendor advisories and patch information. Affected products include: Jfrog Artifactory.