[RTFACT-7538] Disable the ability to frame Artifactory pages on iframe tag - JFrog JIRA

XML

Word

Printable

Details

Type: New Feature
Status: Resolved
Priority: Normal
Resolution: Fixed
Affects Version/s: 3.5.3
Fix Version/s: 4.2.0
Component/s: Security
Labels:
None

Description

A security report that made with WEBINSPECT indicates that Artifactory vulnerable by cross frame scripting.
The report indicates that Artifactory pages can be framed into an iframe tag, such as:
<iframe src="http://localhost:8081/artifactory/webapp/login.html"
height="100%" width="100%" border="0"></iframe>

Artifactory should have the ability to disable the ability to frame it's pages inside an iframe tag, probably via a system properties file.

Attachments

Activity

People

Assignee:: Chen Keinan (Inactive)

Reporter:: Shay Bagants

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 02/Jun/15 12:54 PM

Updated:: 14/Nov/17 4:17 PM

Resolved:: 04/Oct/15 10:14 AM