Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite


Reported on

Jan 10th 2022


Hello phoronix test suite maintainer team, there is a Cross site request forgery vulnerability in phoronix test suite.

Proof of Concept

  1. Install phoronix test suite on your system
  2. Create a test suite
  3. Open another tab in browser and go to the link /?local_suites/delete/<suite-name>-1.0.0, for example if suite name is suite-1, then the link would be /?local_suites/delete/suite-1-1.0.0 and see that the local test suite is deleted.


This vulnerability is capable of CSRF.

We are processing your report and will contact the phoronix-test-suite team within 24 hours. 2 years ago
We have contacted a member of the phoronix-test-suite team and are waiting to hear back 2 years ago
phoronix-test-suite/phoronix-test-suite maintainer validated this vulnerability 2 years ago
justinp09010 has been awarded the disclosure bounty
The fix bounty is now up for grabs
phoronix-test-suite/phoronix-test-suite maintainer marked this as fixed in 10.8 with commit 4f1829 2 years ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
to join this conversation