
Exploit for perfSONAR 4.x <= 4.4.4 - Server-Side Request Forgery (CVE-2022-41412)

Description:

An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.

Nuclei Template

View the template here: CVE-2022-41412.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-41412.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-41412
https://www.perfsonar.net/releasenotes-2022-09-20-4-4-5.html
http://packetstormsecurity.com/files/170069/perfSONAR-4.4.4-Open-Proxy-Relay.html
https://github.com/renmizo/CVE-2022-41412
https://github.com/perfsonar/graphs/commit/463e1d9dc30782d9b1c002143551ec78b74e03bb
https://hackerone.com/reports/2445802