Lucene search
Justinp090103675EEC7-BBCE-4DFD-A2D3-D6862DCE9EA6HistoryJan 10, 2022 - 2:34 p.m.
Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite
2022-01-1014:34:00
justinp09010
www.huntr.dev
8
vulnerability
phoronix test suite
cross-site request forgery
impact
proof of concept
bug bounty
EPSS
0.002
Percentile
59.5%
Description
Hello phoronix test suite maintainer team, there is a Cross site request forgery vulnerability in phoronix test suite.
Proof of Concept
- Install phoronix test suite on your system
- Create a test suite
- Open another tab in browser and go to the link
/?local_suites/delete/<suite-name>-1.0.0, for example if suite name is suite-1, then the link would be/?local_suites/delete/suite-1-1.0.0and see that the local test suite is deleted.
Impact
This vulnerability is capable of CSRF.
Related
ubuntucve
ubuntucve
CVE-2022-0196
2022-01-13 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-01-13 01:15:00
osv
osv
CVE-2022-0196
2022-01-13 01:15:08
phoronix-test-suite-10.8.4-1.1 on GA media
2024-06-15 00:00:00
nvd
nvd
CVE-2022-0196
2022-01-13 01:15:08
cvelist
cvelist
cve
cve
CVE-2022-0196
2022-01-13 01:15:08
fedora
fedora
[SECURITY] Fedora 34 Update: phoronix-test-suite-10.8.1-1.fc34
2022-02-10 01:16:34
[SECURITY] Fedora 35 Update: phoronix-test-suite-10.8.1-1.fc35
2022-02-10 01:32:18
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0067)
2022-02-18 00:00:00
Fedora: Security Advisory for phoronix-test-suite (FEDORA-2022-43f11039b2)
2022-02-10 00:00:00
Fedora: Security Advisory for phoronix-test-suite (FEDORA-2022-8f968eea82)
2022-02-10 00:00:00
mageia
mageia
Updated phoronix-test-suite packages fix security vulnerability
2022-02-18 03:14:24