Lucene search
PRIOn knowledge basePRION:CVE-2023-26492HistoryMar 03, 2023 - 10:15 p.m.
Server side request forgery (ssrf)
2023-03-0322:15:00
PRIOn knowledge base
www.prio-n.com
directus
ssrf
dns rebinding
security controls
internal servers
sensitive information
version 9.23.0
Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to /files/import). An attacker can bypass the security controls by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan. An attacker can exploit this vulnerability to access highly sensitive internal server(s) and steal sensitive information. This issue was fixed in version 9.23.0.
Related
nvd
nvd
CVE-2023-26492
2023-03-03 22:15:09
cve
cve
CVE-2023-26492
2023-03-03 22:15:09
cvelist
cvelist
osv
osv
CVE-2023-26492
2023-03-03 22:15:09
Directus vulnerable to Server-Side Request Forgery On File Import
2023-03-03 23:07:35
github
github
Directus vulnerable to Server-Side Request Forgery On File Import
2023-03-03 23:07:35
veracode
veracode
Server-side Request Forgery (SSRF)
2023-03-12 12:40:23
wallarmlab
wallarmlab