Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-7538

Disable the ability to frame Artifactory pages on iframe tag

          Details

          • Type: New Feature
          • Status: Resolved
          • Priority: Normal
          • Resolution: Fixed
          • Affects Version/s: 3.5.3
          • Fix Version/s: 4.2.0
          • Component/s: Security
          • Labels:
            None

            Description

            A security report that made with WEBINSPECT indicates that Artifactory vulnerable by cross frame scripting.
            The report indicates that Artifactory pages can be framed into an iframe tag, such as:
            <iframe src="http://localhost:8081/artifactory/webapp/login.html"
            height="100%" width="100%" border="0"></iframe>

            Artifactory should have the ability to disable the ability to frame it's pages inside an iframe tag, probably via a system properties file.

              Attachments

                Activity

                  People

                  • Assignee:
                    chenk Chen Keinan
                    Reporter:
                    shayb Shay Bagants
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    3 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: