CVE-2022-41413

Related Files

perfSONAR 4.4.5 Cross Site Request Forgery

Posted Apr 3, 2023

Authored by Ryan Moore

perfSONAR versions 4.x through 4.4.5 suffer from a partially blind cross site request forgery vulnerability.

tags | exploit, csrf

advisories | CVE-2022-41413

SHA-256 | 24f04c58f2fef4b471d6bb57b59760683c12f4fdab2b5b9f66bd063d707e5662

Download | Favorite | View

perfSONAR 4.4.5 Cross Site Request Forgery

Posted Nov 30, 2022

Authored by Ryan Moore | Site github.com

A partial blind cross site request forgery (CSRF) vulnerability exists in perfSONAR versions 4.x through 4.4.5 within the /perfsonar-graphs/ test results page. Parameters and values can be injected/passed via the URL parameter, forcing the client to connect unknowingly in the background to other sites via transparent XMLHTTPRequests. This partial blind CSRF bypasses the built-in whitelisting function in perfSONAR.

tags | exploit, csrf

advisories | CVE-2022-41413

SHA-256 | 44092efeff9a22718267fc8ee3d1add5f9f7c1bd035ed2fb94ece0d6baf60239

Download | Favorite | View