VYPR

perfSONAR

by perfSONAR

CVEs (4)

  • CVE-2022-41412Nov 30, 2022
    risk 0.07cvss epss 0.04

    An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.

  • CVE-2022-41413Nov 30, 2022
    risk 0.03cvss epss 0.02

    perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.

  • CVE-2022-45027Jan 1, 2023
    risk 0.00cvss epss 0.01

    perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address.

  • CVE-2022-45213Jan 1, 2023
    risk 0.00cvss epss 0.01

    perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL.