CVE-2022-23080

Summary

In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.

Affected Software

VendorProductVersion RangeStatus
directusdirectusv9.0.0-beta.10 < unspecifiedaffected
directusdirectusunspecified <= v9.6.0affected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

ADP Enrichment

CVE Program Container

Additional References

References