mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 17:22:02 +00:00
CVE-2018-1000206
Description
JFrog Artifactory versions since 5.11 contain a Cross Site Request Forgery (CSRF) vulnerability in UI REST endpoints that can result in a classic CSRF attack, allowing an attacker to perform actions as the logged-in user. The attack appears to be exploitable when the victim runs a maliciously crafted Flash component. This vulnerability appears to have been fixed in 6.1.
POC
Reference
- https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/
- https://www.jfrog.com/jira/browse/RTFACT-17004
- https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19581
Github
No PoCs found on GitHub currently.