CVE-2018-1000206: CSRF
First published: Fri Jul 13 2018(Updated: )
JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jfrog Artifactory | >=5.11.0<6.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-1000206?
CVE-2018-1000206 is a Cross-Site Request Forgery (CSRF) vulnerability found in JFrog Artifactory version 5.11 and higher.
How severe is CVE-2018-1000206?
CVE-2018-1000206 has a severity score of 8.8 (high).
How can an attacker exploit CVE-2018-1000206?
An attacker can exploit CVE-2018-1000206 by executing a classic CSRF attack and performing actions as a logged-in user.
Which version of JFrog Artifactory is affected by CVE-2018-1000206?
JFrog Artifactory versions between 5.11.0 and 6.1.0 are affected by CVE-2018-1000206.
How can I fix CVE-2018-1000206?
To fix CVE-2018-1000206, upgrade your JFrog Artifactory version to 6.1.0 or higher.
- collector/nvd-index
- vendor/jfrog
- canonical/jfrog artifactory
- version/jfrog artifactory/5.11.0