CVE-2022-41412
Published 2022-11-30
Priority P2 · 76 · high · 8.6 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:C / C:H / I:N / A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 4.09% (89.5th percentile)
An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| perfsonar | perfsonar | >= 4.0 < 4.4.5 | 4.4.5 |
Detection & IOCs
- Probe for SSRF via the graphData.cgi endpoint by checking for HTTP 200 responses; the nuclei template targets perfSONAR 4.x and uses an Interactsh out-of-band callback to confirm blind SSRF.
- Detection should focus on outbound HTTP requests originating from the perfSONAR host (graphData.cgi process) to attacker-controlled or internal infrastructure, indicative of SSRF exploitation.
- The nuclei template uses an Interactsh (out-of-band) server for detection, meaning passive/inline detection alone may miss blind SSRF cases; active OOB testing is required for reliable detection.
- Vulnerability affects perfSONAR v4.4.5 and prior; ensure version scoping is applied when deploying detection rules to avoid false positives on patched versions.
CVSS provenance
- nvd · v3.1 · 8.6 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
- vulncheck · 8.6 HIGH
GHSA
ghsa_unreviewed·2022-11-30
CVE-2022-41412 [HIGH] CWE-918 GHSA-qvfg-q6v8-7jx8: An issue in the graphData
An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.
VulnCheck
perfsonar perfsonar Server-Side Request Forgery (SSRF)
vulncheck·2022·CVSS 8.6
CVE-2022-41412 [HIGH] perfsonar perfsonar Server-Side Request Forgery (SSRF)
Affected: perfsonar perfsonar
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-03-17&host_type=src&vulnerability=cve-2022-41412
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-03-22&host_type=src&vulnerability=cve-2022-41412
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-03-23&host_ty
No detection rules found.
Nuclei
perfSONAR 4.x <= 4.4.4 - Server-Side Request Forgery
nuclei·CVSS 8.6
CVE-2022-41412 [HIGH] perfSONAR 4.x <= 4.4.4 - Server-Side Request Forgery
perfSONAR 4.x Interactsh Server
```yaml
      - type: status
        status:
          - 200
# digest: 4a0a0047304502201c9272d6958e7aca0d7c41880e38d908bd762e6426a1ed510874d4bc4c28d48e0221008487d35fb478b9dffbfc7239478dd836f9f68ec0e54a59ffe57c2192fc0d3dbd:922c64590222798bb761d5b6d8e72950
```