CVE-2022-23080 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Mend	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 44%

Vendor	Product	Version
rangerstudio	directus	9.0.1 ≤ 𝑥 ≤ 9.6.0
rangerstudio	directus	9.0.0:beta10
rangerstudio	directus	9.0.0:beta11
rangerstudio	directus	9.0.0:beta12
rangerstudio	directus	9.0.0:beta13
rangerstudio	directus	9.0.0:beta14
rangerstudio	directus	9.0.0:beta2
rangerstudio	directus	9.0.0:beta3
rangerstudio	directus	9.0.0:beta4
rangerstudio	directus	9.0.0:beta5
rangerstudio	directus	9.0.0:beta7
rangerstudio	directus	9.0.0:beta8
rangerstudio	directus	9.0.0:beta9
rangerstudio	directus	9.0.0:rc0
rangerstudio	directus	9.0.0:rc1
rangerstudio	directus	9.0.0:rc10
rangerstudio	directus	9.0.0:rc100
rangerstudio	directus	9.0.0:rc101
rangerstudio	directus	9.0.0:rc11
rangerstudio	directus	9.0.0:rc12
rangerstudio	directus	9.0.0:rc13
rangerstudio	directus	9.0.0:rc14
rangerstudio	directus	9.0.0:rc15
rangerstudio	directus	9.0.0:rc17
rangerstudio	directus	9.0.0:rc18
rangerstudio	directus	9.0.0:rc19
rangerstudio	directus	9.0.0:rc2
rangerstudio	directus	9.0.0:rc20
rangerstudio	directus	9.0.0:rc21
rangerstudio	directus	9.0.0:rc22
rangerstudio	directus	9.0.0:rc23
rangerstudio	directus	9.0.0:rc24
rangerstudio	directus	9.0.0:rc25
rangerstudio	directus	9.0.0:rc26
rangerstudio	directus	9.0.0:rc27
rangerstudio	directus	9.0.0:rc28
rangerstudio	directus	9.0.0:rc29
rangerstudio	directus	9.0.0:rc3
rangerstudio	directus	9.0.0:rc30
rangerstudio	directus	9.0.0:rc31
rangerstudio	directus	9.0.0:rc32
rangerstudio	directus	9.0.0:rc33
rangerstudio	directus	9.0.0:rc34
rangerstudio	directus	9.0.0:rc35
rangerstudio	directus	9.0.0:rc36
rangerstudio	directus	9.0.0:rc37
rangerstudio	directus	9.0.0:rc38
rangerstudio	directus	9.0.0:rc39
rangerstudio	directus	9.0.0:rc4
rangerstudio	directus	9.0.0:rc40
rangerstudio	directus	9.0.0:rc41
rangerstudio	directus	9.0.0:rc42
rangerstudio	directus	9.0.0:rc43
rangerstudio	directus	9.0.0:rc44
rangerstudio	directus	9.0.0:rc45
rangerstudio	directus	9.0.0:rc46
rangerstudio	directus	9.0.0:rc47
rangerstudio	directus	9.0.0:rc48
rangerstudio	directus	9.0.0:rc49
rangerstudio	directus	9.0.0:rc5
rangerstudio	directus	9.0.0:rc50
rangerstudio	directus	9.0.0:rc51
rangerstudio	directus	9.0.0:rc52
rangerstudio	directus	9.0.0:rc53
rangerstudio	directus	9.0.0:rc54
rangerstudio	directus	9.0.0:rc55
rangerstudio	directus	9.0.0:rc56
rangerstudio	directus	9.0.0:rc57
rangerstudio	directus	9.0.0:rc58
rangerstudio	directus	9.0.0:rc59
rangerstudio	directus	9.0.0:rc6
rangerstudio	directus	9.0.0:rc60
rangerstudio	directus	9.0.0:rc61
rangerstudio	directus	9.0.0:rc62
rangerstudio	directus	9.0.0:rc63
rangerstudio	directus	9.0.0:rc64
rangerstudio	directus	9.0.0:rc65
rangerstudio	directus	9.0.0:rc66
rangerstudio	directus	9.0.0:rc67
rangerstudio	directus	9.0.0:rc68
rangerstudio	directus	9.0.0:rc69
rangerstudio	directus	9.0.0:rc7
rangerstudio	directus	9.0.0:rc70
rangerstudio	directus	9.0.0:rc71
rangerstudio	directus	9.0.0:rc72
rangerstudio	directus	9.0.0:rc73
rangerstudio	directus	9.0.0:rc74
rangerstudio	directus	9.0.0:rc75
rangerstudio	directus	9.0.0:rc76
rangerstudio	directus	9.0.0:rc77
rangerstudio	directus	9.0.0:rc78
rangerstudio	directus	9.0.0:rc79
rangerstudio	directus	9.0.0:rc8
rangerstudio	directus	9.0.0:rc80
rangerstudio	directus	9.0.0:rc81
rangerstudio	directus	9.0.0:rc82
rangerstudio	directus	9.0.0:rc83
rangerstudio	directus	9.0.0:rc84
rangerstudio	directus	9.0.0:rc85
rangerstudio	directus	9.0.0:rc86
rangerstudio	directus	9.0.0:rc87
rangerstudio	directus	9.0.0:rc88
rangerstudio	directus	9.0.0:rc89
rangerstudio	directus	9.0.0:rc9
rangerstudio	directus	9.0.0:rc90
rangerstudio	directus	9.0.0:rc91
rangerstudio	directus	9.0.0:rc92
rangerstudio	directus	9.0.0:rc93
rangerstudio	directus	9.0.0:rc94
rangerstudio	directus	9.0.0:rc95
rangerstudio	directus	9.0.0:rc96
rangerstudio	directus	9.0.0:rc97
rangerstudio	directus	9.0.0:rc98
rangerstudio	directus	9.0.0:rc99

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-918 - Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References

https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83

https://www.mend.io/vulnerability-database/CVE-2022-23080

https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83

https://www.mend.io/vulnerability-database/CVE-2022-23080