Lucene search
Veracode Vulnerability DatabaseVERACODE:39684HistoryMar 12, 2023 - 12:40 p.m.
Server-side Request Forgery (SSRF)
2023-03-1212:40:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
48
directus
ssrf
vulnerability
security controls
data exposure
0.001 Low
EPSS
Percentile
49.8%
directus is vulnerable to Server-side Request Forgery (SSRF). The vulnerability exists when importing a file from a remote web server (POST to /files/import), allowing an attacker to bypass the security controls that were implemented to patch the CVE-2022-23080 vulnerability by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan.
Related
osv
osv
Directus vulnerable to Server-Side Request Forgery On File Import
2023-03-03 23:07:35
CVE-2022-23080
2022-06-22 16:15:07
Server-Side Request Forgery in Directus
2022-06-23 00:00:33
github
github
Directus vulnerable to Server-Side Request Forgery On File Import
2023-03-03 23:07:35
Server-Side Request Forgery in Directus
2022-06-23 00:00:33
nvd
nvd
CVE-2023-26492
2023-03-03 22:15:09
CVE-2022-23080
2022-06-22 16:15:07
cve
cve
CVE-2023-26492
2023-03-03 22:15:09
CVE-2022-23080
2022-06-22 16:15:07
prion
prion
Server side request forgery (ssrf)
2023-03-03 22:15:00
Server side request forgery (ssrf)
2022-06-22 16:15:00
cvelist
cvelist
CVE-2022-23080 directus - SSRF which leads to internal port scan
2022-01-11 00:00:00
veracode
veracode
Server-Side Request Forgery (SSRF)
2022-06-23 07:56:23
wallarmlab
wallarmlab