cbcvebase.
CVE-2018-1000206
published 2018-07-13

CVE-2018-1000206: JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack…

PriorityP336high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
0.76%
50.5th percentile
JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.

Affected

4 ranges
VendorProductVersion rangeFixed in
htslibhtslib>= 0 < 0.2.0~rc3-1ubuntu0.1~esm10.2.0~rc3-1ubuntu0.1~esm1
htslibhtslib>= 0 < 1.2.1-2ubuntu1+esm11.2.1-2ubuntu1+esm1
htslibhtslib>= 0 < 1.7-2ubuntu0.1~esm11.7-2ubuntu0.1~esm1
jfrogartifactory>= 5.11.0 < 6.1.06.1.0

CVSS provenance

nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.