CWE: 918

CVE-2022-23080: SSRF

First published: Wed Jun 22 2022

Directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality, which allows a low-privileged user to perform internal network port scans.

Credit: vulnerabilitylab@mend.io

| Affected Software | Affected Version | How to fix |
| --- | --- | --- |
| Rangerstudio Directus | >=9.0.1 <=9.6.0 | |
| Rangerstudio Directus | =9.0.0-beta10 | |
| Rangerstudio Directus | =9.0.0-beta11 | |
| Rangerstudio Directus | =9.0.0-beta12 | |
| Rangerstudio Directus | =9.0.0-beta13 | |
| Rangerstudio Directus | =9.0.0-beta14 | |
| Rangerstudio Directus | =9.0.0-beta2 | |
| Rangerstudio Directus | =9.0.0-beta3 | |
| Rangerstudio Directus | =9.0.0-beta4 | |
| Rangerstudio Directus | =9.0.0-beta5 | |
| Rangerstudio Directus | =9.0.0-beta7 | |
| Rangerstudio Directus | =9.0.0-beta8 | |
| Rangerstudio Directus | =9.0.0-beta9 | |
| Rangerstudio Directus | =9.0.0-rc0 | |
| Rangerstudio Directus | =9.0.0-rc1 | |
| Rangerstudio Directus | =9.0.0-rc10 | |
| Rangerstudio Directus | =9.0.0-rc100 | |
| Rangerstudio Directus | =9.0.0-rc101 | |
| Rangerstudio Directus | =9.0.0-rc11 | |
| Rangerstudio Directus | =9.0.0-rc12 | |
| Rangerstudio Directus | =9.0.0-rc13 | |
| Rangerstudio Directus | =9.0.0-rc14 | |
| Rangerstudio Directus | =9.0.0-rc15 | |
| Rangerstudio Directus | =9.0.0-rc17 | |
| Rangerstudio Directus | =9.0.0-rc18 | |
| Rangerstudio Directus | =9.0.0-rc19 | |
| Rangerstudio Directus | =9.0.0-rc2 | |
| Rangerstudio Directus | =9.0.0-rc20 | |
| Rangerstudio Directus | =9.0.0-rc21 | |
| Rangerstudio Directus | =9.0.0-rc22 | |
| Rangerstudio Directus | =9.0.0-rc23 | |
| Rangerstudio Directus | =9.0.0-rc24 | |
| Rangerstudio Directus | =9.0.0-rc25 | |
| Rangerstudio Directus | =9.0.0-rc26 | |
| Rangerstudio Directus | =9.0.0-rc27 | |
| Rangerstudio Directus | =9.0.0-rc28 | |
| Rangerstudio Directus | =9.0.0-rc29 | |
| Rangerstudio Directus | =9.0.0-rc3 | |
| Rangerstudio Directus | =9.0.0-rc30 | |
| Rangerstudio Directus | =9.0.0-rc31 | |
| Rangerstudio Directus | =9.0.0-rc32 | |
| Rangerstudio Directus | =9.0.0-rc33 | |
| Rangerstudio Directus | =9.0.0-rc34 | |
| Rangerstudio Directus | =9.0.0-rc35 | |
| Rangerstudio Directus | =9.0.0-rc36 | |
| Rangerstudio Directus | =9.0.0-rc37 | |
| Rangerstudio Directus | =9.0.0-rc38 | |
| Rangerstudio Directus | =9.0.0-rc39 | |
| Rangerstudio Directus | =9.0.0-rc4 | |
| Rangerstudio Directus | =9.0.0-rc40 | |
| Rangerstudio Directus | =9.0.0-rc41 | |
| Rangerstudio Directus | =9.0.0-rc42 | |
| Rangerstudio Directus | =9.0.0-rc43 | |
| Rangerstudio Directus | =9.0.0-rc44 | |
| Rangerstudio Directus | =9.0.0-rc45 | |
| Rangerstudio Directus | =9.0.0-rc46 | |
| Rangerstudio Directus | =9.0.0-rc47 | |
| Rangerstudio Directus | =9.0.0-rc48 | |
| Rangerstudio Directus | =9.0.0-rc49 | |
| Rangerstudio Directus | =9.0.0-rc5 | |
| Rangerstudio Directus | =9.0.0-rc50 | |
| Rangerstudio Directus | =9.0.0-rc51 | |
| Rangerstudio Directus | =9.0.0-rc52 | |
| Rangerstudio Directus | =9.0.0-rc53 | |
| Rangerstudio Directus | =9.0.0-rc54 | |
| Rangerstudio Directus | =9.0.0-rc55 | |
| Rangerstudio Directus | =9.0.0-rc56 | |
| Rangerstudio Directus | =9.0.0-rc57 | |
| Rangerstudio Directus | =9.0.0-rc58 | |
| Rangerstudio Directus | =9.0.0-rc59 | |
| Rangerstudio Directus | =9.0.0-rc6 | |
| Rangerstudio Directus | =9.0.0-rc60 | |
| Rangerstudio Directus | =9.0.0-rc61 | |
| Rangerstudio Directus | =9.0.0-rc62 | |
| Rangerstudio Directus | =9.0.0-rc63 | |
| Rangerstudio Directus | =9.0.0-rc64 | |
| Rangerstudio Directus | =9.0.0-rc65 | |
| Rangerstudio Directus | =9.0.0-rc66 | |
| Rangerstudio Directus | =9.0.0-rc67 | |
| Rangerstudio Directus | =9.0.0-rc68 | |
| Rangerstudio Directus | =9.0.0-rc69 | |
| Rangerstudio Directus | =9.0.0-rc7 | |
| Rangerstudio Directus | =9.0.0-rc70 | |
| Rangerstudio Directus | =9.0.0-rc71 | |
| Rangerstudio Directus | =9.0.0-rc72 | |
| Rangerstudio Directus | =9.0.0-rc73 | |
| Rangerstudio Directus | =9.0.0-rc74 | |
| Rangerstudio Directus | =9.0.0-rc75 | |
| Rangerstudio Directus | =9.0.0-rc76 | |
| Rangerstudio Directus | =9.0.0-rc77 | |
| Rangerstudio Directus | =9.0.0-rc78 | |
| Rangerstudio Directus | =9.0.0-rc79 | |
| Rangerstudio Directus | =9.0.0-rc8 | |
| Rangerstudio Directus | =9.0.0-rc80 | |
| Rangerstudio Directus | =9.0.0-rc81 | |
| Rangerstudio Directus | =9.0.0-rc82 | |
| Rangerstudio Directus | =9.0.0-rc83 | |
| Rangerstudio Directus | =9.0.0-rc84 | |
| Rangerstudio Directus | =9.0.0-rc85 | |
| Rangerstudio Directus | =9.0.0-rc86 | |
| Rangerstudio Directus | =9.0.0-rc87 | |
| Rangerstudio Directus | =9.0.0-rc88 | |
| Rangerstudio Directus | =9.0.0-rc89 | |
| Rangerstudio Directus | =9.0.0-rc9 | |
| Rangerstudio Directus | =9.0.0-rc90 | |
| Rangerstudio Directus | =9.0.0-rc91 | |
| Rangerstudio Directus | =9.0.0-rc92 | |
| Rangerstudio Directus | =9.0.0-rc93 | |
| Rangerstudio Directus | =9.0.0-rc94 | |
| Rangerstudio Directus | =9.0.0-rc95 | |
| Rangerstudio Directus | =9.0.0-rc96 | |
| Rangerstudio Directus | =9.0.0-rc97 | |
| Rangerstudio Directus | =9.0.0-rc98 | |
| Rangerstudio Directus | =9.0.0-rc99 | |
