Versio.io

CVE-2022-22117

Common vulnerabilities & exposures (CVE)

 
Published at: 10-01-2022 05:15
Last modified: 14-01-2022 08:31
Total changes: 2

Description

Directus versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted upload of .html files in the media upload functionality, which leads to a Cross-Site Scripting (XSS) vulnerability. A low-privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload is triggered.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack complexity: Low
Attack vector: Network
Availability: None
Confidentiality: Low
Integrity: Low
Privileges required: Low
Scope: Changed
User interaction: Required
Base score: 5.4
Exploitability score: 2.3
Impact score: 2.7
 

Verification logic

OR
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=-
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha10
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha11
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha12
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha13
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha14
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha15
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha16
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha17
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha18
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha19
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha20
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha21
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha22
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha23
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha24
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha25
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha26
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha27
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha31
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha32
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha33
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha34
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha35
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha36
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha37
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha38
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha39
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha4
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha40
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha41
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha42
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha5
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha6
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha7
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha8
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=alpha9
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=beta0
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=beta1
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=beta10
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=beta11
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=beta12
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=beta13
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=beta14
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=beta2
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=beta3
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=beta4
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=beta5
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=beta7
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=beta8
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=beta9
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc0
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc1
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc10
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc100
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc101
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc11
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc12
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc13
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc14
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc15
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc17
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc18
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc19
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc2
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc20
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc21
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc22
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc23
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc24
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc25
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc26
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc27
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc28
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc29
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc3
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc30
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc31
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc32
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc33
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc34
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc35
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc36
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc37
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc38
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc39
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc4
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc40
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc41
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc42
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc43
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc44
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc45
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc46
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc47
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc48
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc49
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc5
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc50
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc51
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc52
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc53
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc54
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc55
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc56
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc57
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc58
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc59
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc6
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc60
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc61
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc62
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc63
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc64
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc65
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc66
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc67
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc68
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc69
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc7
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc70
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc71
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc72
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc73
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc74
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc75
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc76
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc77
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc78
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc79
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc8
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc80
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc81
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc82
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc83
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc84
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc85
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc86
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc87
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc88
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc89
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc9
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc90
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc91
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc92
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc93
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc94
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc95
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc96
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc97
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc98
vendor=rangerstudio AND product=directus AND version=9.0.0 AND update=rc99
vendor=rangerstudio AND product=directus AND versionEndIncluding=9.4.1 AND versionStartIncluding=9.0.1
 

Keywords

NVD, CVE-2022-22117, CVE, Common vulnerabilities & exposures, CVSS, Common vulnerability scoring system, Security, Vulnerabilities, Exposures
