CVE-2022-23080

Published: Jun 22, 2022

Modified: Sep 17, 2024

PUBLISHED

Description

In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.

Vendor	Product	Versions
directus	directus	affected `v9.0.0-beta.10 - < unspecified` affected `unspecified - <= v9.6.0`

Weaknesses (CWE)

CWE-918

References

https://www.mend.io/vulnerability-database/CVE-2022-23080

x_refsource_MISC

https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-23080

Description

Affected Products

Weaknesses (CWE)

References