CVE-2022-41412

HIGH EXPLOITED NUCLEI

perfSONAR <4.4.5 - SSRF

Title source: llm

Description

An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.

Exploits (1)

nomisec WRITEUP 1 stars

by renmizo · client-side

https://github.com/renmizo/CVE-2022-41412

View Code ZIP pw:eip

Nuclei Templates (1)

perfSONAR 4.x <= 4.4.4 - Server-Side Request Forgery

HIGHVERIFIEDby null_hypothesis

FOFA: title="perfSONAR Toolkit" || title="perfsonar toolkit"

References (2)

[Third Party Advisory] http://packetstormsecurity.com/files/170069/perfSONAR-4.4.4-Open-Proxy-Relay.html

[Third Party Advisory] https://github.com/renmizo/CVE-2022-41412

Scores

CVSS v3 8.6

EPSS 0.8984

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Details

VulnCheck KEV 2025-03-17

CWE

CWE-918

Status published

Products (1)

perfsonar/perfsonar 4.0 - 4.4.5

Published Nov 30, 2022

Tracked Since Feb 18, 2026