Exploit/Advisories
Published on November 30th, 2022 📆 | 7023 Views ⚑
0perfSONAR 4.4.5 Cross Site Request Forgery
iSpeech
A partial blind cross site request forgery (CSRF) vulnerability exists in perfSONAR versions 4.x through 4.4.5 within the /perfsonar-graphs/ test results page. Parameters and values can be injected/passed via the URL parameter, forcing the client to connect unknowingly in the background to other sites via transparent XMLHTTPRequests. This partial blind CSRF bypasses the built-in whitelisting function in perfSONAR.
Source link
Gloss