CVE-2018-1000206

HIGH

JFrog Artifactory 5.11.0-6.0.x - Cross-Site Request Forgery via Flash Component

Title source: llm
STIX 2.1

Description

JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.

References (3)

Core 3
Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://www.jfrog.com/jira/browse/RTFACT-17004

Scores

CVSS v3 8.8
EPSS 0.0076
EPSS Percentile 50.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
jfrog/artifactory 5.11.0 - 6.1.0
Published Jul 13, 2018
Tracked Since Feb 18, 2026