CVE-2022-36031

Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade. Users unable to upgrade may prevent this problem by making sure no (untrusted) non-admin users have permissions to update the `filename_disk` field on `directus_files`.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/directus/directus/security/advisories/GHSA-77qm-wvqq-fg79	Exploit Mitigation Third Party Advisory
https://github.com/directus/directus/security/advisories/GHSA-77qm-wvqq-fg79	Exploit Mitigation Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:monospace:directus:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:12

Type	Values Removed	Values Added
References	~~() https://github.com/directus/directus/security/advisories/GHSA-77qm-wvqq-fg79 - Exploit, Mitigation, Third Party Advisory~~	() https://github.com/directus/directus/security/advisories/GHSA-77qm-wvqq-fg79 - Exploit, Mitigation, Third Party Advisory

Information

Published : 2022-08-19 21:15

Updated : 2024-11-21 07:12

NVD link : CVE-2022-36031

Mitre link : CVE-2022-36031

CVE.ORG link : CVE-2022-36031

JSON object : View

Products Affected

monospace

directus

CWE

CWE-755

Improper Handling of Exceptional Conditions

{"id": "CVE-2022-36031", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-08-19T21:15:08.610", "references": [{"url": "https://github.com/directus/directus/security/advisories/GHSA-77qm-wvqq-fg79", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/directus/directus/security/advisories/GHSA-77qm-wvqq-fg79", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-755"}]}], "descriptions": [{"lang": "en", "value": "Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade. Users unable to upgrade may prevent this problem by making sure no (untrusted) non-admin users have permissions to update the `filename_disk` field on `directus_files`."}, {"lang": "es", "value": "Directus es una plataforma de datos gratuita y de c\u00f3digo abierto para la administraci\u00f3n de contenidos sin cabeza. El proceso de Directus puede ser abortado si un usuario autorizado actualiza el valor de \"filename_disk\" a una carpeta y accede a ese archivo mediante el endpoint \"/assets\". Esta vulnerabilidad ha sido parcheada y la versi\u00f3n v9.15.0 contiene la correcci\u00f3n. Es recomendado a usuarios actualizar. Los usuarios que no puedan actualizar pueden evitar este problema al asegurarse de que ning\u00fan usuario (no confiable) que no sea administrador tenga permisos para actualizar el campo \"filename_disk\" en \"directus_files\"."}], "lastModified": "2024-11-21T07:12:13.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:monospace:directus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91156811-B83B-485B-BFBE-5DFA59CBA82B", "versionEndExcluding": "9.15.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}