Directus Server-Side Request Forgery Protection Bypass Vulnerability

Vulnerability

A Server-Side Request Forgery (SSRF) protection bypass vulnerability has been identified in Directus versions prior to 11.16.0. The issue arises from the IP address validation mechanism, which is intended to block requests to local and private networks. This validation could be circumvented by using IPv4-Mapped IPv6 address notation, allowing authenticated users (or unauthenticated users with public file-import permissions) to perform SSRF attacks against internal services or cloud instance metadata endpoints.

Impact

Exploitation of this vulnerability allows for Server-Side Request Forgery attacks, where an attacker could access internal services on the same host or cloud instance metadata endpoints, potentially leading to unauthorized access or manipulation of sensitive data.

Remediation

Users can upgrade to Directus version 11.16.0 or later to address this vulnerability.

Added: Apr 6, 2026, 10:29 PM
Updated: Apr 6, 2026, 10:29 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.4
exploitability: 4.7
remediation: 0.0
relevance: 5.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.