Lucene search
Ktg963F24B24-4AF2-47B8-BAEA-7AD5F4DB3633HistoryJan 12, 2022 - 6:30 a.m.
Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite
2022-01-1206:30:14
ktg9
www.huntr.dev
10
cross-site request forgery
phoronix
benchmarking
EPSS
0.001
Percentile
46.6%
Description
Hi there, I would like to report another CSRF in phoronix
Proof of Concept
- Install a local instance of phoronix
- Create a benchmark and note down benchmark id
- Access the link
/?benchmark/<benchmark-id>/&repeat,/?benchmark/<benchmark-id>/&disableand/?benchmark/<benchmark-id>/&removeand see that the benchmark is repeated, disabled and removed.
Impact
This vulnerability is capable of CSRF.
Related
cve
cve
CVE-2022-0238
2022-01-16 11:15:07
cvelist
cvelist
prion
prion
Cross site request forgery (csrf)
2022-01-16 11:15:00
osv
osv
CVE-2022-0238
2022-01-16 11:15:07
nvd
nvd
CVE-2022-0238
2022-01-16 11:15:07
ubuntucve
ubuntucve
CVE-2022-0238
2022-01-16 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: phoronix-test-suite-10.8.1-1.fc34
2022-02-10 01:16:34
[SECURITY] Fedora 35 Update: phoronix-test-suite-10.8.1-1.fc35
2022-02-10 01:32:18
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0067)
2022-02-18 00:00:00
Fedora: Security Advisory for phoronix-test-suite (FEDORA-2022-43f11039b2)
2022-02-10 00:00:00
Fedora: Security Advisory for phoronix-test-suite (FEDORA-2022-8f968eea82)
2022-02-10 00:00:00
mageia
mageia
Updated phoronix-test-suite packages fix security vulnerability
2022-02-18 03:14:24