Description

JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.

Remediation

References

CVE-2018-1000206

Related Vulnerabilities

WordPress 4.3.x Prototype Pollution (4.3 - 4.3.27)

WordPress Plugin CMP-Coming Soon & Maintenance by NiteoThemes Security Bypass (3.8.1)

Oracle Database Server CVE-2007-5504 Vulnerability (CVE-2007-5504)

Drupal CVE-2014-9016 Vulnerability (CVE-2014-9016)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (3.5.2)

Severity

High

Classification

CVE-2018-1000206 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities