
CVE-2022-23080: Server-Side Request Forgery in Directus

CVSS Score (v3.1)
5

Basic Information

EPSS Score
0.39004%
Published
6/23/2022
Updated
1/27/2023
KEV Status
No
Technology
JavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Package Name
directus
Ecosystem
npm
Vulnerable Versions
>= 9.0.0-beta.2, < 9.7.0
First Patched Version
9.7.0

Vulnerability Intelligence

Root Cause Analysis

The vulnerability exists in the media upload functionality where external URLs are fetched. The patch adds critical security checks: 1) URL validation with proper parsing, 2) DNS resolution of the hostname so that a domain pointing at an internal IP cannot bypass the check, and 3) IP deny list checks, including localhost detection. The absence of these checks in the original code (v9.0.0-beta.2 to 9.6.0) made the importFile method vulnerable to SSRF. The function's direct handling of user-provided URLs, and the fact that the patch adds its security logic there, confirm it as the vulnerability entry point.
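The three checks described above, as an added example that is not Directus's own code: parse the URL, resolve the hostname, and reject any resolved address on a deny list. The deny list contents, the function names, and the injectable resolver (so the logic can be exercised offline with constructed DNS answers) are assumptions of this example.

```javascript
// Deny list assumed for this example: unspecified, RFC 1918, loopback and
// link-local (where cloud metadata services live); IPv6 handled separately.
const DENIED_V4 = [['0.0.0.0', 8], ['10.0.0.0', 8], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16]];

function ipv4ToInt(ip) {
  const p = ip.split('.').map(Number);
  if (p.length !== 4 || p.some((o) => !Number.isInteger(o) || o < 0 || o > 255)) return null;
  return ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) >>> 0;
}

function isDeniedAddress(ip) {
  if (ip === '::1' || ip === '::') return true;
  const mapped = ip.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/i); // IPv4-mapped IPv6
  if (mapped) return isDeniedAddress(mapped[1]);
  const n = ipv4ToInt(ip);
  if (n === null) return true; // anything we cannot classify fails closed
  return DENIED_V4.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return (n & mask) === (ipv4ToInt(net) & mask);
  });
}

// Check 1: proper URL parsing; only http(s), and no literal "localhost".
function parseImportUrl(input) {
  let url;
  try { url = new URL(input); } catch { return { reason: 'invalid URL' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return { reason: 'unsupported scheme' };
  const host = url.hostname.replace(/^\[|\]$/g, ''); // strip IPv6 brackets
  if (host === '' || host.toLowerCase() === 'localhost') return { reason: 'localhost' };
  return { host };
}

// Check 3: every address the name resolved to must be outside the deny list.
function decide(addresses) {
  const bad = addresses.find(isDeniedAddress);
  if (addresses.length === 0 || bad) return { ok: false, reason: `denied address ${bad}` };
  return { ok: true, addresses };
}

// Check 2: resolve the host before fetching, so a public name that points at an
// internal IP is caught. The fetch should then connect to a vetted address
// rather than re-resolving the name (otherwise DNS rebinding defeats the check).
async function checkImportUrl(input, resolve = lookupAll) {
  const parsed = parseImportUrl(input);
  if (parsed.reason) return { ok: false, reason: parsed.reason };
  let addresses;
  try { addresses = await resolve(parsed.host); } catch { return { ok: false, reason: 'lookup failed' }; }
  return decide(addresses);
}
async function lookupAll(host) {
  const { promises: dnsp } = await import('dns');
  return (await dnsp.lookup(host, { all: true })).map((a) => a.address);
}
```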


WAF Protection Rules

WAF Rule

Directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality, which allows a low privileged user to perform internal network port scans.
