CVE-2022-23080: Server-Side Request Forgery (SSRF)

June 23, 2022

In directus versions v9.0.0-beta.2 through 9.6.0 is vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.

References

github.com/advisories/GHSA-5h75-pvq4-82c9
github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83
nvd.nist.gov/vuln/detail/CVE-2022-23080
www.mend.io/vulnerability-database/CVE-2022-23080

Detect and mitigate CVE-2022-23080 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →