Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-7538

Disable the ability to frame Artifactory pages on iframe tag

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: 3.5.3
    • Fix Version/s: 4.2.0
    • Component/s: Security
    • Labels:
      None

      Description

      A security report that made with WEBINSPECT indicates that Artifactory vulnerable by cross frame scripting.
      The report indicates that Artifactory pages can be framed into an iframe tag, such as:
      <iframe src="http://localhost:8081/artifactory/webapp/login.html"
      height="100%" width="100%" border="0"></iframe>

      Artifactory should have the ability to disable the ability to frame it's pages inside an iframe tag, probably via a system properties file.

        Attachments

          Activity

            People

            Assignee:
            chenk Chen Keinan (Inactive)
            Reporter:
            shayb Shay Bagants
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: