3 matches found
GHSA-J3RG-3RGM-537H Directus vulnerable to Server-Side Request Forgery On File Import
Summary Directus versions =9.22.4 is vulnerable to Server-Side Request Forgery SSRF when importing a file from a remote web server POST to /files/import. An attacker can bypass the security controls that were implemented to patch vulnerability CVE-2022-23080 by performing a DNS rebinding attack a...
CVE-2022-23080
Directus CMS: CVE-2022-23080 affects Directus v9.0.0-beta.2 through 9.6.0, enabling SSRF in the media upload flow that lets a low-privilege user perform internal port scans. The connected advisories describe exploit scenarios (e.g., DNS rebinding attempts in file import) and confirm ongoing discu...
CVE-2022-23080 directus - SSRF which leads to internal port scan
In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery SSRF in the media upload functionality which allows a low privileged user to perform internal network port scans...