CVE-2022-22117

In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload gets triggered.

CVSS v3.0 5.4 MEDIUM
CVSS v2.0 3.5 LOW

5.4^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10	Patch Third Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rangerstudio:directus:9.0.0:-::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha10::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha11::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha12::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha13::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha14::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha15::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha16::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha17::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha18::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha19::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha20::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha21::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha22::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha23::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha24::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha25::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha26::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha27::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha31::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha32::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha33::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha34::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha35::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha36::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha37::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha38::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha39::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha4::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha40::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha41::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha42::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha5::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha6::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha7::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha8::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha9::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta0::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta1::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta10::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta11::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta12::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta13::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta14::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta2::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta3::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta4::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta5::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta7::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta8::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta9::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc0::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc1::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc10::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc100::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc101::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc11::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc12::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc13::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc14::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc15::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc17::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc18::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc19::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc2::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc20::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc21::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc22::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc23::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc24::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc25::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc26::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc27::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc28::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc29::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc3::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc30::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc31::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc32::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc33::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc34::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc35::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc36::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc37::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc38::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc39::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc4::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc40::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc41::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc42::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc43::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc44::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc45::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc46::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc47::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc48::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc49::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc5::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc50::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc51::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc52::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc53::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc54::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc55::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc56::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc57::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc58::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc59::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc6::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc60::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc61::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc62::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc63::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc64::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc65::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc66::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc67::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc68::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc69::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc7::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc70::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc71::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc72::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc73::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc74::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc75::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc76::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc77::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc78::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc79::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc8::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc80::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc81::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc82::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc83::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc84::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc85::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc86::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc87::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc88::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc89::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc9::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc90::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc91::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc92::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc93::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc94::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc95::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc96::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc97::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc98::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc99::::::
cpe:2.3:a:rangerstudio:directus::::::::

Information

Published : 2022-01-10 08:15

Updated : 2022-01-14 11:31

NVD link : CVE-2022-22117

Mitre link : CVE-2022-22117

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

rangerstudio

directus

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10", "name": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117", "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload gets triggered."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-22117", "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}}, "publishedDate": "2022-01-10T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha11:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha12:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha13:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha14:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha15:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha16:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha17:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha18:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha19:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha20:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha21:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha22:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha23:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha24:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha25:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha26:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha27:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha31:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha32:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha33:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha34:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha35:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha36:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha37:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha38:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha39:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha40:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha41:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha42:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta11:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta12:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta13:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta14:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc100:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc11:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc12:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc13:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc14:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc15:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc17:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc18:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc19:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc20:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc21:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc22:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc23:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc24:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc25:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc26:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc27:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc28:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc29:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc30:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc31:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc32:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc33:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc34:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc35:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc36:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc37:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc38:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc39:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc40:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc41:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc42:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc43:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc44:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc45:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc46:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc47:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc48:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc49:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc50:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc51:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc52:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc53:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc54:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc55:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc56:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc57:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc58:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc59:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc60:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc61:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc62:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc63:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc64:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc65:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc66:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc67:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc68:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc69:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc70:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc71:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc72:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc73:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc74:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc75:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc76:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc77:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc78:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc79:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc80:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc81:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc82:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc83:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc84:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc85:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc86:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc87:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc88:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc89:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc90:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc91:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc92:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc93:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc94:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc95:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc96:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc97:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc98:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc99:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rangerstudio:directus:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "9.4.1", "versionStartIncluding": "9.0.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-01-14T19:31Z"}

5.4 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2022-22117

5.4^/10

3.5^/10

Attach tags to `CVE-2022-22117`