CVE-2023-26492

Published: Mar 3, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the security controls by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan. An attacker can exploit this vulnerability to access highly sensitive internal server(s) and steal sensitive information. This issue was fixed in version 9.23.0.

Affected (1)

Products: Monospace: Directus

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Monospace Directus	Before 9.23.0

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (6)

https://github.com/directus/directus/commit/ff53d3e69a602d05342e15d9bb616884833ddbff

Source: security-advisories@github.com

Patch

https://github.com/directus/directus/releases/tag/v9.23.0

Source: security-advisories@github.com

Release Notes

https://github.com/directus/directus/security/advisories/GHSA-j3rg-3rgm-537h

Source: security-advisories@github.com

ExploitThird Party Advisory

https://github.com/directus/directus/commit/ff53d3e69a602d05342e15d9bb616884833ddbff

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/directus/directus/releases/tag/v9.23.0

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://github.com/directus/directus/security/advisories/GHSA-j3rg-3rgm-537h

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.