Vulnerabilities > Perfsonar > Perfsonar > 4.3.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-01 | CVE-2022-45027 | Server-Side Request Forgery (SSRF) vulnerability in Perfsonar perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address. | 5.3 |
2023-01-01 | CVE-2022-45213 | Unspecified vulnerability in Perfsonar perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL. | 5.3 |
2022-11-30 | CVE-2022-41412 | Server-Side Request Forgery (SSRF) vulnerability in Perfsonar An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks. | 8.6 |
2022-11-30 | CVE-2022-41413 | Cross-Site Request Forgery (CSRF) vulnerability in Perfsonar perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function. | 4.3 |