Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite

Valid

Reported on

Jan 10th 2022


Description

Hello phoronix test suite maintainer team, there is a Cross-Site Request Forgery vulnerability in phoronix test suite.

Proof of Concept

  1. Install phoronix test suite on your system
  2. Create a test suite
  3. Open another tab in the browser and go to the link /?local_suites/delete/<suite-name>-1.0.0. For example, if the suite name is suite-1, the link would be /?local_suites/delete/suite-1-1.0.0; observe that the local test suite is deleted.

Impact

This vulnerability is capable of CSRF.
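As an added illustration (not phoronix-test-suite code), the pattern behind this report, a state-changing action reachable by a bare GET, is shown beside a hardened PHP handler that requires POST, a per-session synchronizer token and a same-origin Sec-Fetch-Site value. The names pts_ui_delete_suite and render_delete_form are hypothetical; only the route comes from the report.

```php
<?php
// Added example, not project code. pts_ui_delete_suite is a hypothetical backend.
session_start();

function pts_ui_delete_suite(string $suite): void {
    // hypothetical: remove the named local suite from disk
}

// Issue one random synchronizer token per session and keep it server-side.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so token guessing leaks no timing information.
function csrf_token_valid(?string $submitted): bool {
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted) && $expected !== '' && hash_equals($expected, $submitted);
}

// Pattern reported above: the delete happens on any GET to /?local_suites/delete/<suite>,
// so a link or image tag on an unrelated page triggers it with the victim's cookies.
function delete_suite_unsafe(string $suite): void {
    pts_ui_delete_suite($suite);
}

// Hardened pattern: POST only, browser-set Sec-Fetch-Site must not be cross-site
// (header absent on old browsers, so it is defence in depth), and token must match.
function delete_suite_safe(string $suite): void {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405); exit('Method Not Allowed');
    }
    $site = $_SERVER['HTTP_SEC_FETCH_SITE'] ?? 'same-origin';
    if (!in_array($site, ['same-origin', 'none'], true)) {
        http_response_code(403); exit('Cross-site request rejected');
    }
    if (!csrf_token_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403); exit('Invalid CSRF token');
    }
    pts_ui_delete_suite($suite);
}

// Confirmation form that carries the token; its action is the route from the report.
function render_delete_form(string $suite): string {
    $s = htmlspecialchars($suite, ENT_QUOTES, 'UTF-8');
    $t = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return "<form method=\"post\" action=\"/?local_suites/delete=$s\">"
         . "<input type=\"hidden\" name=\"csrf_token\" value=\"$t\">"
         . "<button type=\"submit\">Delete $s</button></form>";
}
```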

We are processing your report and will contact the phoronix-test-suite team within 24 hours.
We have contacted a member of the phoronix-test-suite team and are waiting to hear back.
phoronix-test-suite/phoronix-test-suite maintainer validated this vulnerability.
justinp09010 has been awarded the disclosure bounty.
The fix bounty is now up for grabs.
phoronix-test-suite/phoronix-test-suite maintainer marked this as fixed in 10.8 with commit 4f1829.
The fix bounty has been dropped.
This vulnerability will not receive a CVE.