Bug 1194747 (CVE-2022-0238)

Summary:	VUL-0: CVE-2022-0238: phoronix-test-suite: CSRF in the phoromatic component
Product:	[openSUSE] openSUSE Distribution	Reporter:	Thomas Leroy <thomas.leroy>
Component:	Security	Assignee:	Martin Pluskal <mpluskal>
Status:	NEW ---	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium
Version:	Leap 15.3
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/320745/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Thomas Leroy 2022-01-17 10:39:25 UTC

CVE-2022-0238

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

Upstream commit:
https://github.com/phoronix-test-suite/phoronix-test-suite/commit/5755b3bf979cd04caa6feee07e403a5be5ac320e

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0238
https://github.com/phoronix-test-suite/phoronix-test-suite/commit/5755b3bf979cd04caa6feee07e403a5be5ac320e
http://www.cvedetails.com/cve/CVE-2022-0238/
https://huntr.dev/bounties/63f24b24-4af2-47b8-baea-7ad5f4db3633

Comment 1 Thomas Leroy 2022-01-17 10:46:51 UTC

I think the following codestreams are vulnerable:
- openSUSE:Backports:SLE-15-SP3:Update                 7.6.0
- openSUSE:Factory                                     10.4.0
- openSUSE:Leap:15.3:Update                            7.6.0