Lucene search

K
osvGoogleOSV:CVE-2022-36031
HistoryAug 19, 2022 - 9:15 p.m.

CVE-2022-36031

2022-08-1921:15:08
Google
osv.dev
7
directus
content management
vulnerability
v9.15.0
file access
security fix
user permissions

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

34.1%

Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the filename_disk value to a folder and accessing that file through the /assets endpoint. This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade. Users unable to upgrade may prevent this problem by making sure no (untrusted) non-admin users have permissions to update the filename_disk field on directus_files.

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

34.1%

Related for OSV:CVE-2022-36031