perfSONAR 4.4.5 Cross Site Request Forgery
A partial blind cross site request forgery (CSRF) vulnerability exists in perfSONAR versions 4.x through 4.4.5 within the /perfsonar-graphs/ test
results page. Parameters and values can be injected/passed via the URL parameter, forcing the client to connect unknowingly in the background to
other sites via transparent XMLHTTPRequests. This partial blind CSRF
bypasses the built-in whitelisting function in perfSONAR.
https://packetstormsecurity.com/files/170070/CVE-2022-41413.tgz
Wed, 30 Nov 2022 21:16:34 GMT
________________________________
--- The information is for inforamtional purposes only.
* Origin: Read us with
http://winpoint.org JID:
rs@captflint.com