CVE-2022-0197 : phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

Published 2022-01-13 01:15:08

Updated 2022-02-22 10:22:57

Source huntr.dev

View at NVD, CVE.org

Vulnerability category: Cross-site request forgery (CSRF)

Products affected by CVE-2022-0197

Fedoraproject » Fedora » Version: 34
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 35
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Matching versions
Phoronix-media » Phoronix Test Suite
Versions before (<) 10.8.0
cpe:2.3:a:phoronix-media:phoronix_test_suite:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.14%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 31 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N	2.8	3.6	huntr.dev
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: None Availability: None
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Assigned by: security@huntr.dev (Primary)

https://huntr.dev/bounties/5abb7915-32f4-4fb1-afa7-bb6d8c4c5ad2

Cross-Site Request Forgery (CSRF) vulnerability found in phoronix-test-suite
Exploit;Issue Tracking;Patch;Third Party Advisory
https://github.com/phoronix-test-suite/phoronix-test-suite/commit/4f18296a1862fe54a4c58701a1f5ec6bd62a4d94

phoromatic: Some additional input sanitization and starting on some C… · phoronix-test-suite/phoronix-test-suite@4f18296 · GitHub
Patch;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BU7E6OOZCXS3ZWHOQ2AR7MKM56IN2R6R/

[SECURITY] Fedora 34 Update: phoronix-test-suite-10.8.1-1.fc34 - package-announce - Fedora Mailing-Lists
Mailing List;Patch;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/57V2CSFU5MKWKL6RJUKMXSD4PCRFTMMQ/

[SECURITY] Fedora 35 Update: phoronix-test-suite-10.8.1-1.fc35 - package-announce - Fedora Mailing-Lists
Mailing List;Patch;Third Party Advisory

CVEs referencing this url

Jump to