Vulnerability Details CVE-2022-23080
In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.9%
CVSS Severity
CVSS v3 Score 5.0
CVSS v2 Score 4.0
References
Products affected by CVE-2022-23080
-
cpe:2.3:a:rangerstudio:directus:9.0.0
-
cpe:2.3:a:rangerstudio:directus:9.0.1
-
cpe:2.3:a:rangerstudio:directus:9.1.0
-
cpe:2.3:a:rangerstudio:directus:9.1.1
-
cpe:2.3:a:rangerstudio:directus:9.1.2
-
cpe:2.3:a:rangerstudio:directus:9.2.0
-
cpe:2.3:a:rangerstudio:directus:9.2.1
-
cpe:2.3:a:rangerstudio:directus:9.2.2
-
cpe:2.3:a:rangerstudio:directus:9.3.0
-
cpe:2.3:a:rangerstudio:directus:9.4.0
-
cpe:2.3:a:rangerstudio:directus:9.4.1
-
cpe:2.3:a:rangerstudio:directus:9.4.2
-
cpe:2.3:a:rangerstudio:directus:9.4.3
-
cpe:2.3:a:rangerstudio:directus:9.5.0
-
cpe:2.3:a:rangerstudio:directus:9.5.1
-
cpe:2.3:a:rangerstudio:directus:9.5.2
-
cpe:2.3:a:rangerstudio:directus:9.6.0