all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

perfSONAR 4.4.5 Cross Site Request Forgery

Add to bookmarks
Nov. 30, 2022, 9:16 p.m. |

Packet Storm packetstormsecurity.com

A partial blind cross site request forgery (CSRF) vulnerability exists in perfSONAR versions 4.x through 4.4.5 within the /perfsonar-graphs/ test results page. Parameters and values can be injected/passed via the URL parameter, forcing the client to connect unknowingly in the background to other sites via transparent XMLHTTPRequests. This partial blind CSRF bypasses the built-in whitelisting function in perfSONAR.

forgery request

Visit resource

More from packetstormsecurity.com / Packet Storm

Ubuntu Security Notice USN-6750-1 16 hours ago | packetstormsecurity.com
arbitrary code attacker browsing bypass +19
Ubuntu Security Notice USN-6743-3 16 hours ago | packetstormsecurity.com
attacker compromise kernel linux +8
Ubuntu Security Notice USN-6657-2 16 hours ago | packetstormsecurity.com
attacker dnsmasq dnssec issue +12
Ubuntu Security Notice USN-6749-1 16 hours ago | packetstormsecurity.com
arbitrary code attacker code context +11
Red Hat Security Advisory 2024-2060-03 16 hours ago | packetstormsecurity.com
advisory bugs denial of service fix +12
Red Hat Security Advisory 2024-2055-03 16 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +4
Red Hat Security Advisory 2024-2045-03 16 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +5
Red Hat Security Advisory 2024-2044-03 16 hours ago | packetstormsecurity.com
advisory enterprise gnutls information +8
Red Hat Security Advisory 2024-2042-03 16 hours ago | packetstormsecurity.com
advanced advisory critical critical update +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Digital Trust Cyber Transformation Senior

@ KPMG India | Mumbai, Maharashtra, India
View on infosec-jobs.com

Security Consultant, Assessment Services - SOC 2 | Remote US

@ Coalfire | United States
View on infosec-jobs.com

Sr. Systems Security Engineer

@ Effectual | Washington, DC
View on infosec-jobs.com

Cyber Network Engineer

@ SonicWall | Woodbridge, Virginia, United States
View on infosec-jobs.com

Security Architect

@ Nokia | Belgium
View on infosec-jobs.com
View more jobs