CVE-2018-1000206
Published 2018-07-13
CVE-2018-1000206: JFrog Artifactory version since 5.11 contains a Cross-Site Request Forgery (CSRF) vulnerability in UI REST endpoints that can result in Classic CSRF attack…
Priority: P3 · 36 · high · CVSS 3.0: 8.8
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.76% (50.5th percentile)
JFrog Artifactory versions since 5.11 contain a Cross-Site Request Forgery (CSRF) vulnerability in UI REST endpoints that can result in a classic CSRF attack, allowing an attacker to perform actions as the logged-in user. This attack appears to be exploitable when the victim runs a maliciously crafted Flash component. This vulnerability appears to have been fixed in 6.1.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| htslib | htslib | >= 0 < 0.2.0~rc3-1ubuntu0.1~esm1 | 0.2.0~rc3-1ubuntu0.1~esm1 |
| htslib | htslib | >= 0 < 1.2.1-2ubuntu1+esm1 | 1.2.1-2ubuntu1+esm1 |
| htslib | htslib | >= 0 < 1.7-2ubuntu0.1~esm1 | 1.7-2ubuntu0.1~esm1 |
| jfrog | artifactory | >= 5.11.0 < 6.1.0 | 6.1.0 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
GHSA
GHSA-hqm8-r6qj-h62q (ghsa_unreviewed · 2022-05-14): CVE-2018-1000206 [HIGH] CWE-352
OSV
CVE-2017-1000206: htslib vulnerabilities (osv · 2021-03-15 · CVSS 9.8)
It was discovered that HTSlib incorrectly handled certain data. An attacker could possibly use this issue to execute arbitrary code. This issue affected only Ubuntu 16.04 ESM. (CVE-2017-1000206)
It was discovered that HTSlib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-13845)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/
https://www.jfrog.com/jira/browse/RTFACT-17004
https://www.jfrog.com/jira/secure/ReleaseNote.jspa?projectId=10070&version=19581