perfSONAR
by perfSONAR
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-41412 | 0.07 | — | 0.04 | Nov 30, 2022 | An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks. | |||
| CVE-2022-41413 | 0.03 | — | 0.02 | Nov 30, 2022 | perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function. | |||
| CVE-2022-45027 | 0.00 | — | 0.01 | Jan 1, 2023 | perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address. | |||
| CVE-2022-45213 | 0.00 | — | 0.01 | Jan 1, 2023 | perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL. |
- CVE-2022-41412Nov 30, 2022risk 0.07cvss —epss 0.04
An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.
- CVE-2022-41413Nov 30, 2022risk 0.03cvss —epss 0.02
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.
- CVE-2022-45027Jan 1, 2023risk 0.00cvss —epss 0.01
perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address.
- CVE-2022-45213Jan 1, 2023risk 0.00cvss —epss 0.01
perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL.