Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45027 | 1 Perfsonar | 1 Perfsonar | 2023-02-16 | N/A | 5.3 MEDIUM |
perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address. | |||||
CVE-2022-45213 | 1 Perfsonar | 1 Perfsonar | 2023-02-16 | N/A | 5.3 MEDIUM |
perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL. | |||||
CVE-2022-41413 | 1 Perfsonar | 1 Perfsonar | 2022-12-02 | N/A | 4.3 MEDIUM |
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function. | |||||
CVE-2022-41412 | 1 Perfsonar | 1 Perfsonar | 2022-12-02 | N/A | 8.6 HIGH |
An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks. |