Lucene search

GitHub Advisory DatabaseGHSA-77QM-WVQQ-FG79

HistoryAug 30, 2022 - 8:18 p.m.

Directus vulnerable to unhandled exception on illegal filename_disk value

2022-08-3020:18:48

CWE-755

GitHub Advisory Database

github.com

directus

vulnerability

unauthorized access

file directory traversal

patch v9.15.0

non-admin user permissions

security advisory

witold gorecki

software

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.1%

JSON

The Directus process can be aborted by having an authorized user update the filename_disk value to a folder and accessing that file through the /assets endpoint.

The vulnerability is patched and released in v9.15.0.

You can prevent this problem by making sure no (untrusted) non-admin users have permissions to update the filename_disk field on directus_files.

For more information

If you have any questions or comments about this advisory:

Open a Discussion in directus/directus
Email us at [email protected]

Credits

This vulnerability was first discovered and reported by Witold Gorecki.

Affected configurations

Vulners

Node

directusdirectusRange<9.15.0

VendorProductVersionCPE
directusdirectus*cpe:2.3:a:directus:directus:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
directus	directus	*	cpe:2.3:a:directus:directus::::::::

References

github.com/advisories/GHSA-77qm-wvqq-fg79

github.com/directus/directus/security/advisories/GHSA-77qm-wvqq-fg79

nvd.nist.gov/vuln/detail/CVE-2022-36031

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.1%

JSON

Related for GHSA-77QM-WVQQ-FG79