CVE-2018-1000206
HIGHJFrog Artifactory 5.11.0-6.0.x - Cross-Site Request Forgery via Flash Component
Title source: llmDescription
JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/
Release Notes, Vendor Advisory x_refsource_confirm
https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19581
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://www.jfrog.com/jira/browse/RTFACT-17004
Scores
CVSS v3
8.8
EPSS
0.0076
EPSS Percentile
50.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
jfrog/artifactory
5.11.0 - 6.1.0
Published
Jul 13, 2018
Tracked Since
Feb 18, 2026