CVE-2018-1000206

Sažetak

JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.

Reference

https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/
https://www.jfrog.com/jira/browse/RTFACT-17004
https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19581

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

03-06-2019 - 18:52

Objavljeno

13-07-2018 - 18:29