Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-7538

Disable the ability to frame Artifactory pages on iframe tag

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: 3.5.3
    • Fix Version/s: 4.2.0
    • Component/s: Security
    • Labels:
      None

      Description

      A security report that made with WEBINSPECT indicates that Artifactory vulnerable by cross frame scripting.
      The report indicates that Artifactory pages can be framed into an iframe tag, such as:
      <iframe src="http://localhost:8081/artifactory/webapp/login.html"
      height="100%" width="100%" border="0"></iframe>

      Artifactory should have the ability to disable the ability to frame it's pages inside an iframe tag, probably via a system properties file.

        Attachments

          Activity

            People

            • Assignee:
              chenk Chen Keinan
              Reporter:
              shayb Shay Bagants
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: