Perfsonar: >> Perfsonar >> 4.4.5 Security Vulnerabilities
perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-01-01
perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-01-01
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.
CVSS Score
4.3
EPSS Score
0.004
Published
2022-11-30