CVE-2022-23080
5.0
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Exploitability: 3.1 / Impact: 1.4
Source: NVD
Description
In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.
Affected (114)
Products: Rangerstudio: Directus
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 9.0.1 to 9.6.0 |
References (4)
Source: vulnerabilitylab@mend.io
PatchThird Party Advisory
Source: vulnerabilitylab@mend.io
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Timeline
No history available yet.