彙總 perfsonar 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 SSRF、CSRF與檔案包含 相關,可能在 生產負載與軟體部署 場景中帶來 檔案覆寫與未授權存取 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2022-45213 | perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL. | [email protected] | 5.3 | 0.63% | 2023-01-01 | 2026-06-17 |
| CVE-2022-45027 | perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request header value to determine a local address. | [email protected] | 5.3 | 0.60% | 2023-01-01 | 2026-06-17 |
| CVE-2022-41413 | perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function. | [email protected] | 4.3 | 1.99% | 2022-11-30 | 2026-06-17 |
| CVE-2022-41412 | An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks. | [email protected] | 8.6 | 4.09% | 2022-11-30 | 2026-06-17 |
| CVE-2018-12525 | An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing. | [email protected] | 5.3 | 7.22% | 2018-06-18 | 2026-06-16 |
| CVE-2018-12524 | An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing. | [email protected] | 5.3 | 7.22% | 2018-06-18 | 2026-06-16 |
| CVE-2018-12523 | An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing. | [email protected] | 5.3 | 7.22% | 2018-06-18 | 2026-06-16 |
| CVE-2018-12522 | An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing. | [email protected] | 5.3 | 7.22% | 2018-06-18 | 2026-06-16 |