CVE-2022-41413

MEDIUM

perfSONAR <4.4.5 - CSRF

Title source: llm

Description

perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.

Exploits (2)

exploitdb WRITEUP

by Ryan Moore · textwebappsmultiple

https://www.exploit-db.com/exploits/51186

View Code ZIP pw:eip

nomisec WRITEUP

by renmizo · poc

https://github.com/renmizo/CVE-2022-41413

View Code ZIP pw:eip

References (3)

[Third Party Advisory] http://packetstormsecurity.com/files/170070/perfSONAR-4.4.5-Cross-Site-Request-Forgery.html

[Third Party Advisory] https://github.com/renmizo/CVE-2022-41413

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/171629/perfSONAR-4.4.5-Cross-Site-Request-Forgery.html

Scores

CVSS v3 4.3

EPSS 0.0152

EPSS Percentile 81.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-352

Status published

Products (1)

perfsonar/perfsonar 4.0 - 4.4.5

Published Nov 30, 2022

Tracked Since Feb 18, 2026