CVE-2022-23080

In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.

CVSS v3 5.0 MEDIUM
CVSS v2.0 4.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83	Patch Third Party Advisory
https://www.mend.io/vulnerability-database/CVE-2022-23080	Exploit Third Party Advisory
https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83	Patch Third Party Advisory
https://www.mend.io/vulnerability-database/CVE-2022-23080	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rangerstudio:directus::::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta10::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta11::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta12::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta13::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta14::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta2::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta3::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta4::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta5::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta7::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta8::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta9::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc0::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc1::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc10::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc100::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc101::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc11::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc12::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc13::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc14::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc15::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc17::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc18::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc19::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc2::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc20::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc21::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc22::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc23::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc24::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc25::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc26::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc27::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc28::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc29::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc3::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc30::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc31::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc32::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc33::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc34::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc35::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc36::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc37::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc38::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc39::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc4::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc40::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc41::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc42::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc43::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc44::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc45::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc46::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc47::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc48::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc49::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc5::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc50::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc51::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc52::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc53::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc54::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc55::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc56::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc57::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc58::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc59::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc6::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc60::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc61::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc62::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc63::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc64::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc65::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc66::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc67::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc68::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc69::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc7::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc70::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc71::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc72::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc73::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc74::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc75::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc76::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc77::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc78::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc79::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc8::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc80::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc81::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc82::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc83::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc84::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc85::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc86::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc87::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc88::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc89::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc9::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc90::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc91::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc92::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc93::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc94::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc95::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc96::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc97::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc98::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc99::::::

History

21 Nov 2024, 06:47

Type	Values Removed	Values Added
References	~~() https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83 - Patch, Third Party Advisory~~	() https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83 - Patch, Third Party Advisory
References	~~() https://www.mend.io/vulnerability-database/CVE-2022-23080 - Exploit, Third Party Advisory~~	() https://www.mend.io/vulnerability-database/CVE-2022-23080 - Exploit, Third Party Advisory

Information

Published : 2022-06-22 16:15

Updated : 2024-11-21 06:47

NVD link : CVE-2022-23080

Mitre link : CVE-2022-23080

CVE.ORG link : CVE-2022-23080

JSON object : View

Products Affected

rangerstudio

directus

CWE

CWE-918

Server-Side Request Forgery (SSRF)

5.0 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2022-23080

5.0^/10

4.0^/10

Attach tags to `CVE-2022-23080`