OSV: GHSA-77QM-WVQQ-FG79
History: Aug 30, 2022 - 8:18 p.m.

Directus vulnerable to unhandled exception on illegal filename_disk value

2022-08-30 20:18:48
Source: Google, osv.dev

Tags: directus, vulnerability, patch, unauthorized update, filename_disk, permissions, user access, security advisory

CVSS3: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 34.1%

The Directus process can be aborted when an authorized user updates a file's filename_disk value to point at a folder and that file is then requested through the /assets endpoint: serving the folder path raises an unhandled exception that terminates the process.

The vulnerability is patched and released in v9.15.0.

You can prevent this problem by making sure no (untrusted) non-admin users have permissions to update the filename_disk field on directus_files.

For more information

If you have any questions or comments about this advisory:

Credits

This vulnerability was first discovered and reported by Witold Gorecki.
