Lucene search
MendCVELIST:CVE-2022-23080HistoryJan 11, 2022 - 12:00 a.m.
CVE-2022-23080 directus - SSRF which leads to internal port scan
2022-01-1100:00:00
CWE-918
Mend
www.cve.org
1
In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.
CNA Affected
[
{
"product": "directus",
"vendor": "directus",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v9.0.0-beta.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "v9.6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
osv
osv
CVE-2022-23080
2022-06-22 16:15:07
Server-Side Request Forgery in Directus
2022-06-23 00:00:33
Directus vulnerable to Server-Side Request Forgery On File Import
2023-03-03 23:07:35
cve
cve
CVE-2022-23080
2022-06-22 16:15:07
prion
prion
Server side request forgery (ssrf)
2022-06-22 16:15:00
veracode
veracode
Server-Side Request Forgery (SSRF)
2022-06-23 07:56:23
Server-side Request Forgery (SSRF)
2023-03-12 12:40:23
nvd
nvd
CVE-2022-23080
2022-06-22 16:15:07
github
github
Server-Side Request Forgery in Directus
2022-06-23 00:00:33
Directus vulnerable to Server-Side Request Forgery On File Import
2023-03-03 23:07:35