CVE-2022-23080

In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.

CVSS v3 5.0 MEDIUM
CVSS v2.0 4.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83	Patch Third Party Advisory
https://www.mend.io/vulnerability-database/CVE-2022-23080	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rangerstudio:directus::::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta10::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta11::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta12::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta13::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta14::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta2::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta3::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta4::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta5::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta7::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta8::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta9::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc0::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc1::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc10::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc100::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc101::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc11::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc12::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc13::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc14::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc15::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc17::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc18::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc19::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc2::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc20::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc21::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc22::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc23::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc24::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc25::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc26::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc27::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc28::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc29::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc3::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc30::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc31::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc32::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc33::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc34::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc35::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc36::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc37::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc38::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc39::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc4::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc40::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc41::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc42::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc43::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc44::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc45::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc46::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc47::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc48::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc49::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc5::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc50::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc51::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc52::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc53::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc54::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc55::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc56::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc57::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc58::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc59::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc6::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc60::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc61::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc62::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc63::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc64::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc65::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc66::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc67::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc68::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc69::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc7::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc70::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc71::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc72::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc73::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc74::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc75::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc76::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc77::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc78::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc79::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc8::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc80::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc81::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc82::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc83::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc84::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc85::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc86::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc87::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc88::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc89::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc9::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc90::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc91::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc92::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc93::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc94::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc95::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc96::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc97::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc98::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc99::::::

History

05 Jul 2022, 18:38

Type	Values Removed	Values Added
CVSS	v2 : ~~4.0~~ v3 : ~~4.3~~	v2 : 4.0 v3 : 5.0

29 Jun 2022, 16:38

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.0~~	v2 : 4.0 v3 : 4.3
CPE		cpe:2.3:a:rangerstudio:directus:9.0.0:rc12:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc60:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc88:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc21:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc97:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc30:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc35:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc38:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc33:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:beta13:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:beta10:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc7:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc77:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:beta2:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc86:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:beta5:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc41:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc42:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc69:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc73:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:beta14:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc2:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc49:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc3:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc59:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc9:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc17:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc56:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc22:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc98:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc11:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc65:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc78:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc51:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc80:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:beta12:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc85:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc92:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc24:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc66:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc53:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc46:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc15:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc55:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc48:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc72:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc82:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc101:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc44:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:beta4:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc64:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc5:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc63:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc54:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc95:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc14:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:beta11:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc23:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc50:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc57:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc20:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc13:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:beta9:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc45:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:beta7:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc61:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc89:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc74:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc76:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc96:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc34:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc93:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc29:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc91:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc87:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc6:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc83:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc1:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:beta3:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc58:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc40:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc90:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc94:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc67:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc70:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:beta8:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc52:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc43:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc32:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc71:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc81:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc39:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc79:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc84:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc25:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc27:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc68:::::: cpe:2.3:a:rangerstudio:directus:::::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc8:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc75:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc99:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc18:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc10:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc37:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc100:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc4:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc19:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc26:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc47:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc62:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc0:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc36:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc31:::::: cpe:2.3:a:rangerstudio:directus:9.0.0:rc28::::::
First Time		Rangerstudio directus Rangerstudio
References	~~(CONFIRM) https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83 -~~	(CONFIRM) https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83 - Patch, Third Party Advisory
References	~~(MISC) https://www.mend.io/vulnerability-database/CVE-2022-23080 -~~	(MISC) https://www.mend.io/vulnerability-database/CVE-2022-23080 - Exploit, Third Party Advisory

22 Jun 2022, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-06-22 16:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-23080

Mitre link : CVE-2022-23080

CVE.ORG link : CVE-2022-23080

JSON object : View

Products Affected

rangerstudio

directus

CWE

CWE-918

Server-Side Request Forgery (SSRF)

5.0 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2022-23080

5.0^/10

4.0^/10

Attach tags to `CVE-2022-23080`