perfSONAR 4.4.5 Cross Site Request Forgery

A partial blind cross site request forgery (CSRF) vulnerability exists in perfSONAR versions 4.x through 4.4.5 within the /perfsonar-graphs/ test results page. Parameters and values can be injected/passed via the URL parameter, forcing the client to connect unknowingly in the background to other sites via transparent XMLHTTPRequests. This partial blind CSRF bypasses the built-in whitelisting function in perfSONAR.

SHA-256 | 44092efeff9a22718267fc8ee3d1add5f9f7c1bd035ed2fb94ece0d6baf60239

Related Posts