History: Jun 22, 2022 - 4:15 p.m.

CVE-2022-23080

2022-06-22 16:15:07
CWE-918
web.nvd.nist.gov
Tags: cve-2022-23080, directus, ssrf, vulnerability, network scans, nvd

CVSS2: 4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score: 5.7 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 21.6%)

Directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality, which allows a low-privileged user to perform internal network port scans.

Affected configurations

NVD
Node (vendor: rangerstudio, product: directus; entries combined with OR)
Range: 9.0.1 to 9.6.0
Match: 9.0.0 beta2, beta3, beta4, beta5, beta7, beta8, beta9, beta10, beta11, beta12, beta13, beta14
Match: 9.0.0 rc0, rc1, rc2, rc3, rc4, rc5, rc6, rc7, rc8, rc9, rc10, rc11, rc12, rc13, rc14, rc15, rc17, rc18, rc19, rc20, rc21, rc22, rc23, rc24, rc25, rc26, rc27, rc28, rc29, rc30, rc31, rc32, rc33, rc34, rc35, rc36, rc37, rc38, rc39, rc40, rc41, rc42, rc43, rc44, rc45, rc46, rc47, rc48, rc49, rc50, rc51, rc52, rc53, rc54, rc55, rc56, rc57, rc58, rc59, rc60, rc61, rc62, rc63, rc64, rc65, rc66, rc67, rc68, rc69, rc70, rc71, rc72, rc73, rc74, rc75, rc76, rc77, rc78, rc79, rc80, rc81, rc82, rc83, rc84, rc85, rc86, rc87, rc88, rc89, rc90, rc91, rc92, rc93, rc94, rc95, rc96, rc97, rc98, rc99, rc100, rc101

CNA Affected

[
  {
    "product": "directus",
    "vendor": "directus",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "v9.0.0-beta.10",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "v9.6.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
