Perfsonar: Security Vulnerabilities
perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-01-01
perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-01-01
An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.
CVSS Score
8.6
EPSS Score
0.893
Published
2022-11-30
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.
CVSS Score
4.3
EPSS Score
0.004
Published
2022-11-30
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing.
CVSS Score
5.3
EPSS Score
0.033
Published
2018-06-18
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing.
CVSS Score
5.3
EPSS Score
0.033
Published
2018-06-18
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing.
CVSS Score
5.3
EPSS Score
0.033
Published
2018-06-18
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing.
CVSS Score
5.3
EPSS Score
0.033
Published
2018-06-18