An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.
8.6CVSS
8.6AI Score
0.047EPSS
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.
4.3CVSS
4.7AI Score
0.001EPSS
perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address.
5.3CVSS
5.2AI Score
0.001EPSS
5.3CVSS
5.3AI Score
0.001EPSS