GitHub Advisory Database: GHSA-77QM-WVQQ-FG79
Published: Aug 30, 2022, 8:18 p.m.

Directus vulnerable to unhandled exception on illegal filename_disk value

2022-08-30 20:18:48
CWE-755 (Improper Handling of Exceptional Conditions)
Source: GitHub Advisory Database (github.com)

Tags: directus, vulnerability, unauthorized access, file directory traversal, patch v9.15.0, non-admin user permissions, security advisory, witold gorecki, software

CVSS 3.1 base score: 6.5 (Medium)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

EPSS score: 0.001 (percentile 34.1%)

An authenticated user who is allowed to update records in directus_files can set a file record's filename_disk to a path that names a directory instead of a file. When that asset is then requested through the /assets endpoint, the resulting exception is not handled (CWE-755) and the Directus process aborts. The impact is availability only (CVSS A:H): the whole instance stays down until the process is restarted, and the attacker needs nothing more than a low-privilege account (PR:L) with update rights on that field, with no user interaction required.

The vulnerability is patched and released in v9.15.0.

Workaround for versions before v9.15.0: make sure no untrusted (non-admin) role has permission to update the filename_disk field on directus_files. Directus permissions are granted per role, collection, action and field, so a role can keep update rights on the other file metadata fields while filename_disk is excluded from the set of updatable fields.


Credits

This vulnerability was first discovered and reported by Witold Gorecki.

Affected configurations

Vulners node: directus, version range < 9.15.0
CPE: cpe:2.3:a:-:directus:*:*:*:*:*:*:*:* (vendor -, product directus, version *)
