First published: Fri Jul 13 2018
JFrog Artifactory versions since 5.11 contain a Cross-Site Request Forgery (CSRF) vulnerability in UI REST endpoints that can result in a classic CSRF attack, allowing an attacker to perform actions as the logged-in user. This attack appears to be exploitable when the victim runs a maliciously crafted Flash component. This vulnerability appears to have been fixed in 6.1.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
JFrog Artifactory | >=5.11.0, <6.1.0 | |
CVE-2018-1000206 is a Cross-Site Request Forgery (CSRF) vulnerability found in JFrog Artifactory versions 5.11 and higher, prior to 6.1.
CVE-2018-1000206 has a severity score of 8.8 (high).
An attacker can exploit CVE-2018-1000206 by executing a classic CSRF attack and performing actions as a logged-in user.
JFrog Artifactory versions from 5.11.0 up to, but not including, 6.1.0 are affected by CVE-2018-1000206.
To fix CVE-2018-1000206, upgrade your JFrog Artifactory version to 6.1.0 or higher.