CVE-2022-35196 in TestLink
Summary
by MITRE • 09/20/2022
TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 05/29/2025
The vulnerability identified as CVE-2022-35196 affects TestLink version 1.9.20 and represents a critical Cross-Site Request Forgery flaw that resides within the planView.php component located in the /lib/plan/ directory. This type of vulnerability allows attackers to trick authenticated users into executing unintended actions on a web application without their knowledge or consent. The specific endpoint /lib/plan/planView.php serves as the attack vector where the CSRF protection mechanisms fail to validate the origin of requests, creating an exploitable condition that can be leveraged by malicious actors to manipulate the application's functionality.
The technical implementation of this vulnerability stems from insufficient validation of the Referer header or the absence of anti-CSRF tokens within the web application's request processing flow. When a user accesses the planView.php page while authenticated, the application fails to implement proper CSRF protection measures such as secret tokens or origin validation. This allows an attacker to craft malicious requests that, when executed by an authenticated user, can perform unauthorized operations within the TestLink application. The flaw essentially removes the application's ability to distinguish between legitimate user-initiated requests and those that have been forged by an attacker, thereby undermining the application's authentication and authorization mechanisms.
The operational impact of this vulnerability extends beyond simple data manipulation as it can lead to complete compromise of the TestLink environment. An attacker could potentially modify test plans, add or remove test cases, alter test execution results, or even escalate privileges within the application. Given that TestLink is typically used for test management and quality assurance processes, the exploitation of this vulnerability could result in corrupted test data, false test results, and ultimately affect the integrity of software development processes. The attack surface is particularly concerning because authenticated users with legitimate access to the application can be tricked into performing malicious actions, making detection difficult and potentially allowing for persistent compromise of the testing infrastructure.
Security professionals should implement multiple layers of defense to mitigate this vulnerability. The primary remediation involves implementing robust CSRF protection mechanisms including the use of anti-CSRF tokens that are generated per session and validated on each request. The application should enforce strict referer header validation or implement the use of custom headers that are unique to each request. Additionally, the principle of least privilege should be enforced to ensure that users only have access to functions necessary for their role within the TestLink environment. Organizations should also consider implementing web application firewalls that can detect and block suspicious request patterns, as well as conducting regular security assessments to identify similar vulnerabilities across the application stack. This vulnerability aligns with CWE-352, which specifically addresses Cross-Site Request Forgery, and represents a significant concern within the ATT&CK framework under the T1566 technique for Phishing, as it can be exploited through social engineering attacks that trick users into executing malicious requests.
The remediation process should involve immediate patching of the TestLink application to version 1.9.21 or later, which contains the necessary CSRF protection fixes. Organizations should also conduct thorough security testing to identify if similar vulnerabilities exist in other components of the TestLink application or related systems. Regular security training for development teams on secure coding practices is essential to prevent similar issues in future releases. The vulnerability demonstrates the critical importance of implementing proper input validation and request origin verification, particularly in applications handling sensitive data and administrative functions.