N/A

JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.

N/A

N/A

JFrog Artifactory 跨站请求伪造漏洞

JFrog Artifactory是以色列JFrog公司的一款开源的通用Artifact存储库管理器，它支持集群和高可用性Docker注册表并提供端到端的用于跟踪从开发到生产的工件自动化解决方案。 JFrog Artifactory 5.11及之后版本中的UI rest端点存在跨站请求伪造漏洞。远程攻击者可借助恶意构造的flash组件利用该漏洞以登录用户的身份执行操作。

N/A

N/A