CVE-2022-23080

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-23080

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23080.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-23080

Aliases

GHSA-5h75-pvq4-82c9

Published

2022-06-22T15:40:10.515Z

Modified

2026-05-28T03:53:26.364466109Z

Summary

directus - SSRF which leads to internal port scan

Details

In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23080.json",
    "cwe_ids": [
        "CWE-918"
    ],
    "cna_assigner": "Mend"
}

References

Affected packages

Git / github.com/directus/directus

Affected ranges

Type: GIT
Repo: https://github.com/directus/directus
Events: Introduced

ba72d2cfd040f7f0db282ccac006f36df6f05058

Fixed

6da3f1ed5034115b1da00440008351bf0d808d83

Affected versions

v9.*

v9.0.1

v9.1.0

v9.1.1

v9.1.2

v9.2.0

v9.2.1

v9.2.2

v9.3.0

v9.4.0

v9.4.1

v9.4.2

v9.4.3

v9.5.0

v9.5.1

v9.5.2

v9.6.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23080.json"