cve/2018/CVE-2018-1000206.md

### [CVE-2018-1000206](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000206)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.

### POC

#### Reference
- https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/
- https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/
- https://www.jfrog.com/jira/browse/RTFACT-17004
- https://www.jfrog.com/jira/browse/RTFACT-17004
- https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19581
- https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19581

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-1000206](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000206)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.`

			`### POC`

			`#### Reference`
			`- https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://www.jfrog.com/jira/browse/RTFACT-17004`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- https://www.jfrog.com/jira/browse/RTFACT-17004`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19581`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19581`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00
			`#### Github`
			`No PoCs found on GitHub currently.`