exploitDog

GHSA-hqm8-r6qj-h62q

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.

JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.

Ссылки

EPSS

Процентиль: 43%

0.00209

Низкий

8.8 High

CVSS3

CVE ID

CVE-2018-1000206

Дефекты

CWE-352

Связанные уязвимости

CVE-2018-1000206

CVSS3: 8.8

nvd

больше 7 лет назад

JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.

EPSS

Процентиль: 43%

0.00209

Низкий

8.8 High

CVSS3

CVE ID

CVE-2018-1000206

Дефекты

CWE-352