CVE-2022-0196

Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite

CVSS 5.4 MEDIUMEPSS 0.7%CWE-352

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.4EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

13 jan 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Produtos afetados

phoronix-test-suite · phoronix-test-suite/phoronix-test-suite

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/phoronix-test-suite/phoronix-test-suite/commit/4f18296a1862fe54a4c58701a1f5ec6bd62a4d94 https://huntr.dev/bounties/3675eec7-bbce-4dfd-a2d3-d6862dce9ea6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57V2CSFU5MKWKL6RJUKMXSD4PCRFTMMQ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BU7E6OOZCXS3ZWHOQ2AR7MKM56IN2R6R/