All the vulnerabilities related to Directus - Directus
cve-2022-36031
Vulnerability from cvelistv5
Published
2022-08-19 20:40
Modified
2024-08-03 09:51
Summary
Directus is a free and open-source data platform for headless content management. The Directus process can be aborted when an authorized user updates the `filename_disk` value to point at a folder and that file is then accessed through the `/assets` endpoint. This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade. Users unable to upgrade may prevent this problem by making sure no (untrusted) non-admin users have permission to update the `filename_disk` field on `directus_files`.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-77qm-wvqq-fg79 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:51:59.968Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-77qm-wvqq-fg79" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003c 9.15.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade. Users unable to upgrade may prevent this problem by making sure no (untrusted) non-admin users have permissions to update the `filename_disk` field on `directus_files`." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-755", "description": "CWE-755: Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-19T20:40:09", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-77qm-wvqq-fg79" } ], "source": { "advisory": "GHSA-77qm-wvqq-fg79", "discovery": "UNKNOWN" }, "title": "Unhandled exception on illegal filename_disk value", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36031", "STATE": "PUBLIC", "TITLE": "Unhandled exception on illegal filename_disk value" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "directus", "version": { "version_data": [ { "version_value": "\u003c 9.15.0" } ] } } ] }, "vendor_name": "directus" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade. 
Users unable to upgrade may prevent this problem by making sure no (untrusted) non-admin users have permissions to update the `filename_disk` field on `directus_files`." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-755: Improper Handling of Exceptional Conditions" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-77qm-wvqq-fg79", "refsource": "CONFIRM", "url": "https://github.com/directus/directus/security/advisories/GHSA-77qm-wvqq-fg79" } ] }, "source": { "advisory": "GHSA-77qm-wvqq-fg79", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36031", "datePublished": "2022-08-19T20:40:09", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:51:59.968Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27481
Vulnerability from cvelistv5
Published
2023-03-07 18:20
Modified
2024-08-02 12:09
Summary
Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0, users with read access to the `password` field in `directus_users` can extract the argon2 password hashes by brute forcing the export functionality combined with a `_starts_with` filter. This allows the user to enumerate the password hashes. Accounts cannot be taken over unless the hashes can be reversed, which is unlikely with current hardware. This problem has been patched in version 9.16.0 by preventing any hashed/concealed field from being filtered against with the `_starts_with` or other string operators. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by ensuring that no user has `read` access to the `password` field in `directus_users`.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-m5q3-8wgf-x8xf | x_refsource_CONFIRM | |
https://github.com/directus/directus/pull/14829 | x_refsource_MISC | |
https://github.com/directus/directus/pull/15010 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:43.494Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-m5q3-8wgf-x8xf", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-m5q3-8wgf-x8xf" }, { "name": "https://github.com/directus/directus/pull/14829", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/pull/14829" }, { "name": "https://github.com/directus/directus/pull/15010", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/pull/15010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003c 9.16.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0 users with read access to the `password` field in `directus_users` can extract the argon2 password hashes by brute forcing the export functionality combined with a `_starts_with` filter. This allows the user to enumerate the password hashes. Accounts cannot be taken over unless the hashes can be reversed which is unlikely with current hardware. This problem has been patched by preventing any hashed/concealed field to be filtered against with the `_starts_with` or other string operator in version 9.16.0. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by ensuring that no user has `read` access to the `password` field in `directus_users`. 
" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-07T18:20:52.855Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-m5q3-8wgf-x8xf", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-m5q3-8wgf-x8xf" }, { "name": "https://github.com/directus/directus/pull/14829", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/pull/14829" }, { "name": "https://github.com/directus/directus/pull/15010", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/pull/15010" } ], "source": { "advisory": "GHSA-m5q3-8wgf-x8xf", "discovery": "UNKNOWN" }, "title": "Extract password hashes through export querying in directus" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-27481", "datePublished": "2023-03-07T18:20:52.855Z", "dateReserved": "2023-03-01T19:03:56.633Z", "dateUpdated": "2024-08-02T12:09:43.494Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-54151
Vulnerability from cvelistv5
Published
2024-12-09 20:57
Modified
2024-12-10 17:09
Summary
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` to "public", an unauthenticated user is able to do any of the supported operations (CRUD, subscriptions) with full admin privileges. This impacts any Directus instance that has either `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` set to `public` allowing unauthenticated users to subscribe for changes on any collection or do REST CRUD operations on user defined collections ignoring permissions. Version 11.3.0 fixes the issue.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-849r-qrwj-8rv4 | x_refsource_CONFIRM | |
https://github.com/directus/directus/commit/ce0397d16cf767b5293cd57f626c5349b5732a21 | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-54151", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-10T16:10:28.432315Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-10T17:09:06.417Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-849r-qrwj-8rv4" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003e= 11.0.0, \u003c 11.3.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` to \"public\", an unauthenticated user is able to do any of the supported operations (CRUD, subscriptions) with full admin privileges. This impacts any Directus instance that has either `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` set to `public` allowing unauthenticated users to subscribe for changes on any collection or do REST CRUD operations on user defined collections ignoring permissions. Version 11.3.0 fixes the issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-09T20:57:28.365Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-849r-qrwj-8rv4", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-849r-qrwj-8rv4" }, { "name": "https://github.com/directus/directus/commit/ce0397d16cf767b5293cd57f626c5349b5732a21", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/ce0397d16cf767b5293cd57f626c5349b5732a21" } ], "source": { "advisory": "GHSA-849r-qrwj-8rv4", "discovery": "UNKNOWN" }, "title": "Directus allows unauthenticated access to WebSocket events and operations" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-54151", "datePublished": "2024-12-09T20:57:28.365Z", "dateReserved": "2024-11-29T18:02:16.756Z", "dateUpdated": "2024-12-10T17:09:06.417Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-34708
Vulnerability from cvelistv5
Published
2024-05-13 19:33
Modified
2024-08-02 02:59
Summary
Directus is a real-time API and App dashboard for managing SQL database content. A user with permission to view any collection that uses redacted hashed fields can access the raw stored version using the `alias` functionality on the API. Normally, these redacted fields return `**********`; however, if the request is changed to `?alias[workaround]=redacted`, the plain-text value of the field is returned instead. This can be avoided by removing permission to view the sensitive fields entirely from users or roles that should not be able to see them. This vulnerability is fixed in 10.11.0.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-p8v3-m643-4xqx | x_refsource_CONFIRM | |
https://github.com/directus/directus/commit/e70a90c267bea695afce6545174c2b77517d617b | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-34708", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-15T15:21:26.312353Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:42:21.964Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:59:21.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-p8v3-m643-4xqx", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-p8v3-m643-4xqx" }, { "name": "https://github.com/directus/directus/commit/e70a90c267bea695afce6545174c2b77517d617b", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/commit/e70a90c267bea695afce6545174c2b77517d617b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003c 10.11.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the `alias` functionality on the API. Normally, these redacted fields will return `**********` however if we change the request to `?alias[workaround]=redacted` we can instead retrieve the plain text value for the field. This can be avoided by removing permission to view the sensitive fields entirely from users or roles that should not be able to see them. This vulnerability is fixed in 10.11.0." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-13T19:39:55.709Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-p8v3-m643-4xqx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-p8v3-m643-4xqx" }, { "name": "https://github.com/directus/directus/commit/e70a90c267bea695afce6545174c2b77517d617b", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/e70a90c267bea695afce6545174c2b77517d617b" } ], "source": { "advisory": "GHSA-p8v3-m643-4xqx", "discovery": "UNKNOWN" }, "title": "Directus allows redacted data extraction on the API through \"alias\"" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-34708", "datePublished": "2024-05-13T19:33:55.305Z", "dateReserved": "2024-05-07T13:53:00.133Z", "dateUpdated": "2024-08-02T02:59:21.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-46990
Vulnerability from cvelistv5
Published
2024-09-18 16:55
Modified
2024-09-18 18:19
Summary
Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default `0.0.0.0` filter, a user may bypass this block by using other registered loopback addresses (such as `127.0.0.2` through `127.127.127.127`). This issue has been addressed in release versions 10.13.3 and 11.1.0. Users are advised to upgrade. Users unable to upgrade may block this bypass by manually adding the `127.0.0.0/8` CIDR range, which blocks access to any `127.X.X.X` IP address instead of just `127.0.0.1`.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-46990", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-18T18:14:11.914898Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-18T18:19:24.086Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003c 10.13.3" }, { "status": "affected", "version": "\u003e= 11.0.0, \u003c 11.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default `0.0.0.0` filter a user may bypass this block by using other registered loopback devices (like `127.0.0.2` - `127.127.127.127`). This issue has been addressed in release versions 10.13.3 and 11.1.0. Users are advised to upgrade. Users unable to upgrade may block this bypass by manually adding the `127.0.0.0/8` CIDR range which will block access to any `127.X.X.X` ip instead of just `127.0.0.1`." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-18T16:55:24.255Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-68g8-c275-xf2m", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-68g8-c275-xf2m" }, { "name": "https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b" }, { "name": "https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52" }, { "name": "https://github.com/directus/directus/commit/8cbf943b65fd4a763d09a5fdbba8996b1e7797ff", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/8cbf943b65fd4a763d09a5fdbba8996b1e7797ff" }, { "name": "https://github.com/directus/directus/commit/c1f3ccc681595038d094ce110ddeee38cb38f431", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/c1f3ccc681595038d094ce110ddeee38cb38f431" } ], "source": { "advisory": "GHSA-68g8-c275-xf2m", "discovery": "UNKNOWN" }, "title": "SSRF Loopback IP filter bypass in directus" } }, "cveMetadata": { "assignerOrgId": 
"a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-46990", "datePublished": "2024-09-18T16:55:24.255Z", "dateReserved": "2024-09-16T16:10:09.019Z", "dateUpdated": "2024-09-18T18:19:24.086Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39896
Vulnerability from cvelistv5
Published
2024-07-08 17:27
Modified
2024-08-02 04:33
Summary
Directus is a real-time API and App dashboard for managing SQL database content. When relying on SSO providers in combination with local authentication, it can be possible to enumerate existing SSO users in the instance. This is possible because, if an email address exists in Directus and belongs to a known SSO provider, a "helpful" error is thrown stating that the user belongs to another provider. This vulnerability is fixed in 10.13.0.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-jgf4-vwc3-r46v | x_refsource_CONFIRM | |
https://github.com/directus/directus/commit/454cb534d6ffa547feb11f4d74b932ae7368dae2 | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:monospace:directus:9.11.0:*:*:*:*:node.js:*:*" ], "defaultStatus": "unknown", "product": "directus", "vendor": "monospace", "versions": [ { "lessThan": "10.13.0", "status": "affected", "version": "9.11.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39896", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-30T18:30:43.516471Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-30T18:35:32.088Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:11.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-jgf4-vwc3-r46v", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-jgf4-vwc3-r46v" }, { "name": "https://github.com/directus/directus/commit/454cb534d6ffa547feb11f4d74b932ae7368dae2", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/commit/454cb534d6ffa547feb11f4d74b932ae7368dae2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003e= 9.11, \u003c 10.13.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. When relying on SSO providers in combination with local authentication it can be possible to enumerate existing SSO users in the instance. 
This is possible because if an email address exists in Directus and belongs to a known SSO provider then it will throw a \"helpful\" error that the user belongs to another provider. This vulnerability is fixed in 10.13.0." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-08T17:27:56.032Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-jgf4-vwc3-r46v", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-jgf4-vwc3-r46v" }, { "name": "https://github.com/directus/directus/commit/454cb534d6ffa547feb11f4d74b932ae7368dae2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/454cb534d6ffa547feb11f4d74b932ae7368dae2" } ], "source": { "advisory": "GHSA-jgf4-vwc3-r46v", "discovery": "UNKNOWN" }, "title": "Directus allows SSO User Enumeration" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-39896", "datePublished": "2024-07-08T17:27:56.032Z", "dateReserved": "2024-07-02T19:37:18.599Z", "dateUpdated": "2024-08-02T04:33:11.337Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-24814
Vulnerability from cvelistv5
Published
2022-04-04 17:50
Modified
2024-08-03 04:20
Summary
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting into the Rich Text HTML interface an iframe that links to an uploaded HTML file, which in turn loads another uploaded JS file in its script tag. This satisfies the regular Content Security Policy header, which in turn allows the file to run arbitrary JS. This issue was resolved in version 9.7.0. As a workaround, disable the live embed in the what-you-see-is-what-you-get (WYSIWYG) editor by adding `{ "media_live_embeds": false }` to the _Options Overrides_ option of the Rich Text HTML interface.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84 | x_refsource_CONFIRM | |
https://github.com/directus/directus/pull/12020 | x_refsource_MISC | |
https://github.com/directus/directus/releases/tag/v9.7.0 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:50.490Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/pull/12020" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/releases/tag/v9.7.0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003c 9.7.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy header, which in turn allows the file to run any arbitrary JS. This issue was resolved in version 9.7.0. As a workaround, disable the live embed in the what-you-see-is-what-you-get by adding `{ \"media_live_embeds\": false }` to the _Options Overrides_ option of the Rich Text HTML interface." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-04T17:50:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/pull/12020" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/releases/tag/v9.7.0" } ], "source": { "advisory": "GHSA-xmjj-3c76-5w84", "discovery": "UNKNOWN" }, "title": "Cross-site Scripting in Directus", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24814", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting in Directus" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "directus", "version": { "version_data": [ { "version_value": "\u003c 9.7.0" } ] } } ] }, "vendor_name": "directus" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directus is a real-time API and App dashboard for managing SQL database content. 
Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy header, which in turn allows the file to run any arbitrary JS. This issue was resolved in version 9.7.0. As a workaround, disable the live embed in the what-you-see-is-what-you-get by adding `{ \"media_live_embeds\": false }` to the _Options Overrides_ option of the Rich Text HTML interface." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84", "refsource": "CONFIRM", "url": "https://github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84" }, { "name": "https://github.com/directus/directus/pull/12020", "refsource": "MISC", "url": "https://github.com/directus/directus/pull/12020" }, { "name": "https://github.com/directus/directus/releases/tag/v9.7.0", "refsource": "MISC", "url": "https://github.com/directus/directus/releases/tag/v9.7.0" } ] }, "source": { "advisory": "GHSA-xmjj-3c76-5w84", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24814", "datePublished": "2022-04-04T17:50:11", "dateReserved": "2022-02-10T00:00:00", 
"dateUpdated": "2024-08-03T04:20:50.490Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39701
Vulnerability from cvelistv5
Published
2024-07-08 16:43
Modified
2024-08-02 04:26
Summary
Directus is a real-time API and App dashboard for managing SQL database content. Directus >= 9.23.0 and <= v10.5.3 improperly handles the `_in` and `_nin` permission-filter operators: an empty array is treated as a valid (matching) value, so a rule such as {"role": {"_in": $CURRENT_USER.some_field}} evaluates to true when `some_field` is empty, and the request is allowed. This is broken access control, because the rule was intended to pass only when **field** matches at least one of the **values**. Any permission rule whose `_in`/`_nin` list is populated from a dynamic variable (for example `$CURRENT_USER.*`) that can be empty is affected. This vulnerability is fixed in 10.6.0.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-hxgm-ghmv-xjjm | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:monospace:directus:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "directus", "vendor": "monospace", "versions": [ { "lessThan": "10.6.0", "status": "affected", "version": "9.23.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39701", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-08T19:39:42.719726Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-10T16:38:47.405Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:16.090Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-hxgm-ghmv-xjjm", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-hxgm-ghmv-xjjm" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003e= 9.23.0, \u003c 10.6.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. Directus \u003e=9.23.0, \u003c=v10.5.3 improperly handles _in, _nin operators. It evaluates empty arrays as valid so expressions like {\"role\": {\"_in\": $CURRENT_USER.some_field}} would evaluate to true allowing the request to pass. This results in Broken Access Control because the rule fails to do what it was intended to do: Pass rule if **field** matches any of the **values**. This vulnerability is fixed in 10.6.0." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-08T16:43:01.595Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-hxgm-ghmv-xjjm", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-hxgm-ghmv-xjjm" } ], "source": { "advisory": "GHSA-hxgm-ghmv-xjjm", "discovery": "UNKNOWN" }, "title": "Directus Incorrectly handles _in` filter" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-39701", "datePublished": "2024-07-08T16:43:01.595Z", "dateReserved": "2024-06-27T18:44:13.039Z", "dateUpdated": "2024-08-02T04:26:16.090Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27474
Vulnerability from cvelistv5
Published
2023-03-06 16:43
Modified
2024-08-02 12:09
Summary
Directus is a real-time API and App dashboard for managing SQL database content. Instances that configure an allow list of custom password-reset URLs are vulnerable to HTML injection: query parameters in the reset URL are carried into the password-reset email without being neutralized. An attacker could use this to send users emails containing links on the server's own domain that carry malicious content. The problem has been resolved in version 9.23.0. Deployments relying on a custom password reset URL should upgrade to 9.23.0 or later, or remove the custom reset URL from the configured allow list. Users are advised to upgrade. Users unable to upgrade may disable the custom reset URL allow list as a workaround.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6 | x_refsource_CONFIRM | |
https://github.com/directus/directus/issues/17119 | x_refsource_MISC | |
https://github.com/directus/directus/pull/17120 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:43.476Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6" }, { "name": "https://github.com/directus/directus/issues/17119", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/issues/17119" }, { "name": "https://github.com/directus/directus/pull/17120", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/pull/17120" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003c 9.23.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users urls to the servers domain but which may contain malicious code. The problem has been resolved and released under version 9.23.0. People relying on a custom password reset URL should upgrade to 9.23.0 or later, or remove the custom reset url from the configured allow list. Users are advised to upgrade. Users unable to upgrade may disable the custom reset URL allow list as a workaround." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-06T16:43:54.836Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6" }, { "name": "https://github.com/directus/directus/issues/17119", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/issues/17119" }, { "name": "https://github.com/directus/directus/pull/17120", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/pull/17120" } ], "source": { "advisory": "GHSA-4hmq-ggrm-qfc6", "discovery": "UNKNOWN" }, "title": "HTML Injection in Password Reset email to custom Reset URL in directus" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-27474", "datePublished": "2023-03-06T16:43:54.836Z", "dateReserved": "2023-03-01T19:03:56.631Z", "dateUpdated": "2024-08-02T12:09:43.476Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39699
Vulnerability from cvelistv5
Published
2024-07-08 15:32
Modified
2024-08-02 04:26
Summary
Directus is a real-time API and App dashboard for managing SQL database content. A previously reported SSRF in file import (see also CVE-2023-26492 on this page) was fixed by resolving all DNS names and rejecting requests whose target resolves to an internal IP address. That check can be bypassed with HTTP redirects: Directus follows redirects when importing a file from a URL but does not validate the final (redirect target) URL, so a request can be made to an internal address such as 127.0.0.1. The SSRF is blind, because Directus reads connection information directly from the socket (response interception) and does not return the response when the IP address is internal. This vulnerability is fixed in 10.9.3.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-8p72-rcq4-h6pw | x_refsource_CONFIRM | |
https://github.com/directus/directus/commit/d577b44231c0923aca99cac5770fd853801caee1 | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:monospace:directus:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "directus", "vendor": "monospace", "versions": [ { "lessThan": "10.9.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39699", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-08T18:12:46.359227Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-08T18:13:58.460Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:15.949Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-8p72-rcq4-h6pw", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-8p72-rcq4-h6pw" }, { "name": "https://github.com/directus/directus/commit/d577b44231c0923aca99cac5770fd853801caee1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/commit/d577b44231c0923aca99cac5770fd853801caee1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003c 10.9.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. There was already a reported SSRF vulnerability via file import. It was fixed by resolving all DNS names and checking if the requested IP is an internal IP address. However it is possible to bypass this security measure and execute a SSRF using redirects. 
Directus allows redirects when importing file from the URL and does not check the result URL. Thus, it is possible to execute a request to an internal IP, for example to 127.0.0.1. However, it is blind SSRF, because Directus also uses response interception technique to get the information about the connect from the socket directly and it does not show a response if the IP address is internal. This vulnerability is fixed in 10.9.3." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-08T15:32:04.556Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-8p72-rcq4-h6pw", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-8p72-rcq4-h6pw" }, { "name": "https://github.com/directus/directus/commit/d577b44231c0923aca99cac5770fd853801caee1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/d577b44231c0923aca99cac5770fd853801caee1" } ], "source": { "advisory": "GHSA-8p72-rcq4-h6pw", "discovery": "UNKNOWN" }, "title": "Directus has a Blind SSRF On File Import" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-39699", "datePublished": "2024-07-08T15:32:04.556Z", "dateReserved": "2024-06-27T18:44:13.038Z", "dateUpdated": "2024-08-02T04:26:15.949Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22116
Vulnerability from cvelistv5
Published
2022-01-10 15:26
Modified
2024-09-17 03:13
Summary
In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) via SVG file upload in the media upload functionality. A low-privileged attacker can upload an SVG containing arbitrary JavaScript, which is executed in a victim's browser when the victim opens the image URL. The vendor solution recorded for this CVE is to update to Directus 9.4.2.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10 | x_refsource_MISC | |
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22116 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:00:55.219Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22116" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "lessThan": "unspecified", "status": "affected", "version": "9.0.0", "versionType": "custom" }, { "lessThanOrEqual": "9.4.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "WhiteSource Vulnerability Research Team (WVR)" } ], "datePublic": "2022-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victim\u2019s browser when they open the image URL." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-10T15:26:44", "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "shortName": "Mend" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22116" } ], "solutions": [ { "lang": "en", "value": "Update to directus version 9.4.2" } ], "source": { "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/", "discovery": "UNKNOWN" }, "title": "Directus - Stored Cross-Site Scripting (XSS) via SVG File Upload", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", "DATE_PUBLIC": "2022-01-04T22:00:00.000Z", "ID": "CVE-2022-22116", "STATE": "PUBLIC", "TITLE": "Directus - Stored Cross-Site Scripting (XSS) via SVG File Upload" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "directus", "version": { "version_data": [ { "version_affected": "\u003e=", "version_value": "9.0.0" }, { "version_affected": "\u003c=", "version_value": "9.4.1" } ] } } ] }, "vendor_name": "directus" } ] } }, "credit": [ { "lang": "eng", "value": "WhiteSource Vulnerability Research Team (WVR)" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victim\u2019s browser when they open the image URL." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10", "refsource": "MISC", "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10" }, { "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22116", "refsource": "MISC", "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22116" } ] }, "solution": [ { "lang": "en", "value": "Update to directus version 9.4.2" } ], "source": { "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "assignerShortName": "Mend", "cveId": "CVE-2022-22116", "datePublished": "2022-01-10T15:26:44.139518Z", "dateReserved": "2021-12-21T00:00:00", "dateUpdated": "2024-09-17T03:13:41.409Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-54128
Vulnerability from cvelistv5
Published
2024-12-05 16:55
Modified
2024-12-06 15:56
Summary
Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature implements a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates only on the client side, so it can be bypassed by submitting the comment directly to the API, making the application vulnerable to HTML injection. This vulnerability is fixed in 10.13.4 and 11.2.0.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-r6wx-627v-gh2f | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-54128", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-06T15:56:14.503876Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-06T15:56:34.323Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003e= 10.10.0, \u003c 10.13.4" }, { "status": "affected", "version": "\u003e= 11.0.0-rc.1, \u003c 11.2.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. This vulerability is fixed in 10.13.4 and 11.2.0." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-05T18:48:39.961Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-r6wx-627v-gh2f", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-r6wx-627v-gh2f" } ], "source": { "advisory": "GHSA-r6wx-627v-gh2f", "discovery": "UNKNOWN" }, "title": "Directus has an HTML Injection in Comment" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-54128", "datePublished": "2024-12-05T16:55:53.434Z", "dateReserved": "2024-11-29T18:02:16.753Z", "dateUpdated": "2024-12-06T15:56:34.323Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22117
Vulnerability from cvelistv5
Published
2022-01-10 15:26
Modified
2024-09-16 18:44
Summary
In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted upload of .html files in the media upload functionality, which leads to a Cross-Site Scripting vulnerability. A low-privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload is triggered. The vendor solution recorded for this CVE is to update to Directus 9.4.2.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10 | x_refsource_MISC | |
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:00:55.377Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "lessThan": "unspecified", "status": "affected", "version": "9.0.0", "versionType": "custom" }, { "lessThanOrEqual": "9.4.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "WhiteSource Vulnerability Research Team (WVR)" } ], "datePublic": "2022-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload gets triggered." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-10T15:26:45", "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "shortName": "Mend" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117" } ], "solutions": [ { "lang": "en", "value": "Update to directus version 9.4.2" } ], "source": { "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/", "discovery": "UNKNOWN" }, "title": "Directus - Stored Cross-Site Scripting (XSS) in Profile Avatar Image", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", "DATE_PUBLIC": "2022-01-04T22:00:00.000Z", "ID": "CVE-2022-22117", "STATE": "PUBLIC", "TITLE": "Directus - Stored Cross-Site Scripting (XSS) in Profile Avatar Image" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "directus", "version": { "version_data": [ { "version_affected": "\u003e=", "version_value": "9.0.0" }, { "version_affected": "\u003c=", "version_value": "9.4.1" } ] } } ] }, "vendor_name": "directus" } ] } }, "credit": [ { "lang": "eng", "value": "WhiteSource Vulnerability Research Team (WVR)" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
"description": { "description_data": [ { "lang": "eng", "value": "In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload gets triggered." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10", "refsource": "MISC", "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10" }, { "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117", "refsource": "MISC", "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117" } ] }, "solution": [ { "lang": "en", "value": "Update to directus version 9.4.2" } ], "source": { "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "assignerShortName": "Mend", "cveId": "CVE-2022-22117", "datePublished": "2022-01-10T15:26:45.928993Z", "dateReserved": "2021-12-21T00:00:00", "dateUpdated": "2024-09-16T18:44:02.548Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-45596
Vulnerability from cvelistv5
Published
2024-09-10 18:43
Modified
2024-09-10 19:20
Summary
Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can obtain the credentials of the last user who authenticated via OpenID or OAuth2 when the authentication URL did not include a `redirect` query string. This happens because the OpenID and OAuth2 authentication endpoint uses the `respond` middleware, which by default caches GET responses that meet certain conditions; those conditions were not intended to cover this scenario, in which an unauthenticated request returns user credentials, so the credentials were cached and could be served to a later unauthenticated request. This vulnerability is fixed in 10.13.3 and 11.1.0.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-cff8-x7jv-4fm8 | x_refsource_CONFIRM | |
https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b | x_refsource_MISC | |
https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52 | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45596", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T19:20:20.595959Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T19:20:32.884Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003c 10.13.3" }, { "status": "affected", "version": "\u003e= 11.0.0, \u003c 11.1.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. This happens because on that endpoint for both OpenId and Oauth2 Directus is using the respond middleware, which by default will try to cache GET requests that met some conditions. Although, those conditions do not include this scenario, when an unauthenticated request returns user credentials. This vulnerability is fixed in 10.13.3 and 11.1.0." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-524", "description": "CWE-524: Use of Cache Containing Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T18:43:33.413Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-cff8-x7jv-4fm8", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-cff8-x7jv-4fm8" }, { "name": "https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/4aace0bbe57232e38cd6a287ee475293e46dc91b" }, { "name": "https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/769fa22797bff5a9231599883b391e013f122e52" } ], "source": { "advisory": "GHSA-cff8-x7jv-4fm8", "discovery": "UNKNOWN" }, "title": "Directus\u0027s session is cached for OpenID and OAuth2 if `redirect` is not used" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-45596", "datePublished": "2024-09-10T18:43:33.413Z", "dateReserved": "2024-09-02T16:00:02.423Z", "dateUpdated": "2024-09-10T19:20:32.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26492
Vulnerability from cvelistv5
Published
2023-03-03 21:49
Modified
2024-08-02 11:53
Summary
Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the security controls by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan. An attacker can exploit this vulnerability to access highly sensitive internal server(s) and steal sensitive information. This issue was fixed in version 9.23.0.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-j3rg-3rgm-537h | x_refsource_CONFIRM | |
https://github.com/directus/directus/commit/ff53d3e69a602d05342e15d9bb616884833ddbff | x_refsource_MISC | |
https://github.com/directus/directus/releases/tag/v9.23.0 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:53.737Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-j3rg-3rgm-537h", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-j3rg-3rgm-537h" }, { "name": "https://github.com/directus/directus/commit/ff53d3e69a602d05342e15d9bb616884833ddbff", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/commit/ff53d3e69a602d05342e15d9bb616884833ddbff" }, { "name": "https://github.com/directus/directus/releases/tag/v9.23.0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/releases/tag/v9.23.0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003c 9.23.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the security controls by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan. An attacker can exploit this vulnerability to access highly sensitive internal server(s) and steal sensitive information. This issue was fixed in version 9.23.0." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-03T21:49:02.314Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-j3rg-3rgm-537h", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-j3rg-3rgm-537h" }, { "name": "https://github.com/directus/directus/commit/ff53d3e69a602d05342e15d9bb616884833ddbff", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/ff53d3e69a602d05342e15d9bb616884833ddbff" }, { "name": "https://github.com/directus/directus/releases/tag/v9.23.0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/releases/tag/v9.23.0" } ], "source": { "advisory": "GHSA-j3rg-3rgm-537h", "discovery": "UNKNOWN" }, "title": "Directus vulnerable to Server-Side Request Forgery On File Import" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-26492", "datePublished": "2023-03-03T21:49:02.314Z", "dateReserved": "2023-02-23T23:22:58.577Z", "dateUpdated": "2024-08-02T11:53:53.737Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6534
Vulnerability from cvelistv5
Published
2024-08-15 03:10
Modified
2024-08-15 14:11
Summary
Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with CVE-2024-6533, it could result in account takeover.
References
▼ | URL | Tags |
---|---|---|
https://fluidattacks.com/advisories/capaldi | third-party-advisory | |
https://directus.io/ | product |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:monospace:directus:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "directus", "vendor": "monospace", "versions": [ { "status": "affected", "version": "10.13.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6534", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T14:09:09.537547Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-15T14:11:40.435Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Directus", "vendor": "Directus", "versions": [ { "status": "affected", "version": "10.13.0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the \u0027\u003ccode\u003ePOST /presets\u0027\u003c/code\u003e\u0026nbsp;request but not in the PATCH request. When chained with CVE-2024-6533, it could result in account takeover." } ], "value": "Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the \u0027POST /presets\u0027\u00a0request but not in the PATCH request. When chained with CVE-2024-6533, it could result in account takeover." 
} ], "impacts": [ { "capecId": "CAPEC-180", "descriptions": [ { "lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-15T03:10:46.778Z", "orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks" }, "references": [ { "tags": [ "third-party-advisory" ], "url": "https://fluidattacks.com/advisories/capaldi" }, { "tags": [ "product" ], "url": "https://directus.io/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Directus 10.13.0 - Insecure object reference via PATH presets", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "assignerShortName": "Fluid Attacks", "cveId": "CVE-2024-6534", "datePublished": "2024-08-15T03:10:46.778Z", "dateReserved": "2024-07-05T14:42:09.575Z", "dateUpdated": "2024-08-15T14:11:40.435Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28239
Vulnerability from cvelistv5
Published
2024-03-12 20:23
Modified
2024-08-22 20:47
Summary
Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a `redirect` parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There's a redirect that is done after successful login via the Auth API GET request to `directus/auth/login/google?redirect=http://malicious-fishing-site.com`. While credentials don't seem to be passed to the attacker site, the user can be phished into clicking a legitimate Directus link and be taken to a malicious site made to look like an error message "Your password needs to be updated" to phish out the current password. Users who log in via OAuth2 into Directus may be at risk. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p | x_refsource_CONFIRM | |
https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203 | x_refsource_MISC | |
https://docs.directus.io/reference/authentication.html#login-using-sso-providers | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:48:49.485Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p" }, { "name": "https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203" }, { "name": "https://docs.directus.io/reference/authentication.html#login-using-sso-providers", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.directus.io/reference/authentication.html#login-using-sso-providers" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:monospace:directus:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "directus", "vendor": "monospace", "versions": [ { "lessThan": "10.10.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28239", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-13T16:10:42.050866Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-22T20:47:34.038Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003c 10.10.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. 
The authentication API has a `redirect` parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There\u0027s a redirect that is done after successful login via the Auth API GET request to `directus/auth/login/google?redirect=http://malicious-fishing-site.com`. While credentials don\u0027t seem to be passed to the attacker site, the user can be phished into clicking a legitimate directus site and be taken to a malicious site made to look like a an error message \"Your password needs to be updated\" to phish out the current password. Users who login via OAuth2 into Directus may be at risk. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-12T20:23:37.857Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p" }, { "name": "https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203" }, { "name": 
"https://docs.directus.io/reference/authentication.html#login-using-sso-providers", "tags": [ "x_refsource_MISC" ], "url": "https://docs.directus.io/reference/authentication.html#login-using-sso-providers" } ], "source": { "advisory": "GHSA-fr3w-2p22-6w7p", "discovery": "UNKNOWN" }, "title": "URL Redirection to Untrusted Site in OAuth2/OpenID in directus" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-28239", "datePublished": "2024-03-12T20:23:37.857Z", "dateReserved": "2024-03-07T14:33:30.035Z", "dateUpdated": "2024-08-22T20:47:34.038Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6533
Vulnerability from cvelistv5
Published
2024-08-15 03:04
Modified
2024-08-16 17:31
Summary
Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover.
References
▼ | URL | Tags |
---|---|---|
https://fluidattacks.com/advisories/bocelli | third-party-advisory | |
https://directus.io/ | product |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:directus:directus:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "10.13.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6533", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-16T17:30:37.202127Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T17:31:53.765Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Directus", "vendor": "Directus", "versions": [ { "status": "unknown", "version": "10.13.0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover." } ], "value": "Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover." 
} ], "impacts": [ { "capecId": "CAPEC-588", "descriptions": [ { "lang": "en", "value": "CAPEC-588 DOM-Based XSS" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-15T03:04:08.250Z", "orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks" }, "references": [ { "tags": [ "third-party-advisory" ], "url": "https://fluidattacks.com/advisories/bocelli" }, { "tags": [ "product" ], "url": "https://directus.io/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Directus 10.13.0 - DOM-Based cross-site scripting (XSS) via layout_options", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "assignerShortName": "Fluid Attacks", "cveId": "CVE-2024-6533", "datePublished": "2024-08-15T03:04:08.250Z", "dateReserved": "2024-07-05T14:42:08.072Z", "dateUpdated": "2024-08-16T17:31:53.765Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39895
Vulnerability from cvelistv5
Published
2024-07-08 16:47
Modified
2024-08-02 04:33
Summary
Directus is a real-time API and App dashboard for managing SQL database content. A denial of service (DoS) attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single query. This can cause the server to perform redundant computations and consume excessive resources, leading to a denial of service for legitimate users. Requests to the endpoint /graphql are sent when visualizing graphs generated in a dashboard. By modifying the data sent and duplicating the fields many times, a DoS attack is possible. This vulnerability is fixed in 10.12.0.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-7hmh-pfrp-vcx4 | x_refsource_CONFIRM | |
https://github.com/directus/directus/commit/543b345695071c1de61a35004bd063fe59dba0c8 | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:monospace:directus:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "directus", "vendor": "monospace", "versions": [ { "lessThan": "10.12.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39895", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:22:38.687877Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-10T16:40:10.539Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:11.240Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-7hmh-pfrp-vcx4", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-7hmh-pfrp-vcx4" }, { "name": "https://github.com/directus/directus/commit/543b345695071c1de61a35004bd063fe59dba0c8", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/commit/543b345695071c1de61a35004bd063fe59dba0c8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003c 10.12.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. A denial of service (DoS) attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single query. 
This can cause the server to perform redundant computations and consume excessive resources, leading to a denial of service for legitimate users. Request to the endpoint /graphql are sent when visualizing graphs generated at a dashboard. By modifying the data sent and duplicating many times the fields a DoS attack is possible. This vulnerability is fixed in 10.12.0." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-08T16:47:44.673Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-7hmh-pfrp-vcx4", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-7hmh-pfrp-vcx4" }, { "name": "https://github.com/directus/directus/commit/543b345695071c1de61a35004bd063fe59dba0c8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/543b345695071c1de61a35004bd063fe59dba0c8" } ], "source": { "advisory": "GHSA-7hmh-pfrp-vcx4", "discovery": "UNKNOWN" }, "title": "Directus GraphQL Field Duplication Denial of Service (DoS)" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-39895", "datePublished": "2024-07-08T16:47:44.673Z", "dateReserved": "2024-07-02T19:37:18.599Z", "dateUpdated": "2024-08-02T04:33:11.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": 
"5.1" }
cve-2023-38503
Vulnerability from cvelistv5
Published
2023-07-25 22:06
Modified
2024-10-10 17:46
Summary
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters (i.e. `user_created IS $CURRENT_USER`) are not properly checked when using GraphQL subscriptions, resulting in unauthorized users receiving events on their subscription that they should not be receiving according to the permissions. This can be any collection, but out of the box the `directus_users` collection is configured with such a permissions filter, allowing you to get updates for other users when changes happen. Version 10.5.0 contains a patch. As a workaround, disable GraphQL subscriptions.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-gggm-66rh-pp98 | x_refsource_CONFIRM | |
https://github.com/directus/directus/pull/19155 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:55.886Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-gggm-66rh-pp98", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-gggm-66rh-pp98" }, { "name": "https://github.com/directus/directus/pull/19155", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/pull/19155" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38503", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-10T17:37:11.301595Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-10T17:46:06.598Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003e= 10.3.0, \u003c 10.5.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters (i.e. `user_created IS $CURRENT_USER`) are not properly checked when using GraphQL subscription resulting in unauthorized users getting event on their subscription which they should not be receiving according to the permissions. This can be any collection but out-of-the box the `directus_users` collection is configured with such a permissions filter allowing you to get updates for other users when changes happen. Version 10.5.0 contains a patch. As a workaround, disable GraphQL subscriptions." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-25T22:06:00.476Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-gggm-66rh-pp98", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-gggm-66rh-pp98" }, { "name": "https://github.com/directus/directus/pull/19155", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/pull/19155" } ], "source": { "advisory": "GHSA-gggm-66rh-pp98", "discovery": "UNKNOWN" }, "title": "Directus has Incorrect Permission Checking for GraphQL Subscriptions" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-38503", "datePublished": "2023-07-25T22:06:00.476Z", "dateReserved": "2023-07-18T16:28:12.077Z", "dateUpdated": "2024-10-10T17:46:06.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23080
Vulnerability from cvelistv5
Published
2022-06-22 15:40
Modified
2024-09-17 02:22
Summary
Directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality, which allows a low-privileged user to perform internal network port scans.
References
▼ | URL | Tags |
---|---|---|
https://www.mend.io/vulnerability-database/CVE-2022-23080 | x_refsource_MISC | |
https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:28:43.494Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.mend.io/vulnerability-database/CVE-2022-23080" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "lessThan": "unspecified", "status": "affected", "version": "v9.0.0-beta.10", "versionType": "custom" }, { "lessThanOrEqual": "v9.6.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Mend Vulnerability Research Team (MVR)" } ], "datePublic": "2022-01-11T00:00:00", "descriptions": [ { "lang": "en", "value": "In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans." 
} ], "metrics": [ { "other": { "content": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": 3.1 }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-22T15:40:10", "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "shortName": "Mend" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.mend.io/vulnerability-database/CVE-2022-23080" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83" } ], "solutions": [ { "lang": "en", "value": "Update version to v9.7.0 or later" } ], "source": { "advisory": "https://www.mend.io/vulnerability-database/", "discovery": "UNKNOWN" }, "title": "directus - SSRF which leads to internal port scan", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", "DATE_PUBLIC": "Jan 11, 2022, 3:10:07 PM", "ID": "CVE-2022-23080", "STATE": "PUBLIC", "TITLE": "directus - SSRF which leads to internal port scan" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "directus", "version": { "version_data": [ { "version_affected": "\u003e=", "version_value": "v9.0.0-beta.10" }, { "version_affected": "\u003c=", "version_value": "v9.6.0" } ] } } ] }, "vendor_name": "directus" } ] } }, "credit": [ { "lang": "eng", "value": "Mend Vulnerability Research Team (MVR)" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { 
"lang": "eng", "value": "In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": 3.1 } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-918 Server-Side Request Forgery (SSRF)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.mend.io/vulnerability-database/CVE-2022-23080", "refsource": "MISC", "url": "https://www.mend.io/vulnerability-database/CVE-2022-23080" }, { "name": "https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83", "refsource": "MISC", "url": "https://github.com/directus/directus/commit/6da3f1ed5034115b1da00440008351bf0d808d83" } ] }, "solution": [ { "lang": "en", "value": "Update version to v9.7.0 or later" } ], "source": { "advisory": "https://www.mend.io/vulnerability-database/", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "assignerShortName": "Mend", "cveId": "CVE-2022-23080", "datePublished": "2022-06-22T15:40:10.515121Z", "dateReserved": "2022-01-10T00:00:00", "dateUpdated": "2024-09-17T02:22:06.874Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36128
Vulnerability from cvelistv5
Published
2024-06-03 14:59
Modified
2024-08-02 03:30
Summary
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string generation utility will create a memory issue that breaks the capability to generate random strings platform-wide. This creates a denial-of-service situation where logged-in sessions can no longer be refreshed, as sessions depend on the capability to generate a random session ID. This vulnerability is fixed in 10.11.2.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-632p-p495-25m5 | x_refsource_CONFIRM | |
https://github.com/directus/directus/commit/7d2a1392f43613094de700062aba168a9400dd3b | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:monospace:directus:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "directus", "vendor": "monospace", "versions": [ { "lessThan": "10.11.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36128", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-03T15:30:27.944974Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:05.315Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:13.147Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-632p-p495-25m5", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-632p-p495-25m5" }, { "name": "https://github.com/directus/directus/commit/7d2a1392f43613094de700062aba168a9400dd3b", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/commit/7d2a1392f43613094de700062aba168a9400dd3b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003c 10.11.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. 
This creates a denial of service situation where logged in sessions can no longer be refreshed as sessions depend on the capability to generate a random session ID. This vulnerability is fixed in 10.11.2." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-03T14:59:45.507Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-632p-p495-25m5", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-632p-p495-25m5" }, { "name": "https://github.com/directus/directus/commit/7d2a1392f43613094de700062aba168a9400dd3b", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/7d2a1392f43613094de700062aba168a9400dd3b" } ], "source": { "advisory": "GHSA-632p-p495-25m5", "discovery": "UNKNOWN" }, "title": "Directus is soft-locked by providing a string value to random string util" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-36128", "datePublished": "2024-06-03T14:59:45.507Z", "dateReserved": "2024-05-20T21:07:48.190Z", "dateUpdated": "2024-08-02T03:30:13.147Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28238
Vulnerability from cvelistv5
Published
2024-03-12 20:24
Modified
2024-08-02 19:50
Summary
Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, browser history). Attackers gaining access to these logs may hijack active user sessions, leading to unauthorized access to sensitive information or actions on behalf of the user. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-2ccr-g2rv-h677 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:48:49.665Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-2ccr-g2rv-h677", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-2ccr-g2rv-h677" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-28238", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-02T19:50:33.152837Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-02T19:50:43.970Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003c 10.10.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, browser history). Attackers gaining access to these logs may hijack active user sessions, leading to unauthorized access to sensitive information or actions on behalf of the user. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-598", "description": "CWE-598: Use of GET Request Method With Sensitive Query Strings", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-12T20:24:28.321Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-2ccr-g2rv-h677", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-2ccr-g2rv-h677" } ], "source": { "advisory": "GHSA-2ccr-g2rv-h677", "discovery": "UNKNOWN" }, "title": "Session Token in URL in directus" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-28238", "datePublished": "2024-03-12T20:24:28.321Z", "dateReserved": "2024-03-07T14:33:30.035Z", "dateUpdated": "2024-08-02T19:50:43.970Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-34709
Vulnerability from cvelistv5
Published
2024-05-13 19:39
Modified
2024-08-02 02:59
Summary
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.0, session tokens function like the other JWT tokens in that they are not actually invalidated when logging out. The `directus_session` gets destroyed and the cookie gets deleted, but if the cookie value is captured, it will still work for the entire expiry time, which is set to 1 day by default. This effectively makes it a long-lived, unrevocable stateless token instead of the stateful session token it was meant to be. This vulnerability is fixed in 10.11.0.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-g65h-35f3-x2w3 | x_refsource_CONFIRM | |
https://github.com/directus/directus/commit/a6172f8a6a0f31a6bf4305a090de172ebfb63bcf | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-34709", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-12T19:00:10.224689Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-12T19:00:40.071Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:59:22.093Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-g65h-35f3-x2w3", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-g65h-35f3-x2w3" }, { "name": "https://github.com/directus/directus/commit/a6172f8a6a0f31a6bf4305a090de172ebfb63bcf", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/commit/a6172f8a6a0f31a6bf4305a090de172ebfb63bcf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003e= 10.10.0, \u003c 10.11.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.0, session tokens function like the other JWT tokens where they are not actually invalidated when logging out. The `directus_session` gets destroyed and the cookie gets deleted but if the cookie value is captured, it will still work for the entire expiry time which is set to 1 day by default. Making it effectively a long lived unrevokable stateless token instead of the stateful session token it was meant to be. This vulnerability is fixed in 10.11.0." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-613", "description": "CWE-613: Insufficient Session Expiration", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-13T19:39:32.313Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-g65h-35f3-x2w3", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-g65h-35f3-x2w3" }, { "name": "https://github.com/directus/directus/commit/a6172f8a6a0f31a6bf4305a090de172ebfb63bcf", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/a6172f8a6a0f31a6bf4305a090de172ebfb63bcf" } ], "source": { "advisory": "GHSA-g65h-35f3-x2w3", "discovery": "UNKNOWN" }, "title": "Directus Lacks Session Tokens Invalidation" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-34709", "datePublished": "2024-05-13T19:39:32.313Z", "dateReserved": "2024-05-07T13:53:00.133Z", "dateUpdated": "2024-08-02T02:59:22.093Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45820
Vulnerability from cvelistv5
Published
2023-10-19 18:38
Modified
2024-09-12 17:51
Summary
Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has been addressed in version 10.6.2. Users are advised to upgrade. Users unable to upgrade should avoid using websockets.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-hmgw-9jrg-hf2m | x_refsource_CONFIRM | |
https://github.com/directus/directus/commit/243eed781b42d6b4948ddb8c3792bcf5b44f55bb | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:29:32.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-hmgw-9jrg-hf2m", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-hmgw-9jrg-hf2m" }, { "name": "https://github.com/directus/directus/commit/243eed781b42d6b4948ddb8c3792bcf5b44f55bb", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/commit/243eed781b42d6b4948ddb8c3792bcf5b44f55bb" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:directus:directus:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "directus", "vendor": "directus", "versions": [ { "lessThan": "10.6.2", "status": "affected", "version": "10.4", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45820", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-12T17:37:55.720867Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-12T17:51:27.185Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003e=10.4, \u003c 10.6.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has been addressed in version 10.6.2. Users are advised to upgrade. 
Users unable to upgrade should avoid using websockets." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-755", "description": "CWE-755: Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-19T18:38:18.856Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-hmgw-9jrg-hf2m", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-hmgw-9jrg-hf2m" }, { "name": "https://github.com/directus/directus/commit/243eed781b42d6b4948ddb8c3792bcf5b44f55bb", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/243eed781b42d6b4948ddb8c3792bcf5b44f55bb" } ], "source": { "advisory": "GHSA-hmgw-9jrg-hf2m", "discovery": "UNKNOWN" }, "title": "Directus crashes on invalid WebSocket message" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-45820", "datePublished": "2023-10-19T18:38:18.856Z", "dateReserved": "2023-10-13T12:00:50.438Z", "dateUpdated": "2024-09-12T17:51:27.185Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28443
Vulnerability from cvelistv5
Published
2023-03-23 23:13
Modified
2024-08-02 12:38
Summary
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:38:25.370Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7" }, { "name": "https://github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc" }, { "name": "https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003c 9.23.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-23T23:13:58.299Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-8vg2-wf3q-mwv7" }, { "name": "https://github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/349536303983ccba68ecb3e4fb35315424011afc" }, { "name": "https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13" } ], "source": { "advisory": "GHSA-8vg2-wf3q-mwv7", "discovery": "UNKNOWN" }, "title": "directus vulnerable to Insertion of Sensitive Information into Log File" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-28443", "datePublished": "2023-03-23T23:13:58.299Z", "dateReserved": "2023-03-15T15:59:10.056Z", "dateUpdated": "2024-08-02T12:38:25.370Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-47822
Vulnerability from cvelistv5
Published
2024-10-08 17:54
Modified
2024-10-08 18:21
Summary
Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs, which may be persisted. The access token in `req.query` is not redacted when the `LOG_STYLE` is set to `raw`. If these logs are not properly sanitized or protected, an attacker with access to them can potentially gain administrative control, leading to unauthorized data access and manipulation. This impacts systems where the `LOG_STYLE` is set to `raw`. The `access_token` in the query could potentially be a long-lived static token. Users with impacted systems should rotate their static tokens if they were provided via the query string. This vulnerability has been patched in release version 10.13.2 and subsequent releases. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-vw58-ph65-6rxp | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:directus:directus:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "directus", "vendor": "directus", "versions": [ { "lessThan": "10.13.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-47822", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-08T18:21:09.697840Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-08T18:21:46.884Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003c 10.13.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. The access token in `req.query` is not redacted when the `LOG_STYLE` is set to `raw`. If these logs are not properly sanitized or protected, an attacker with access to it can potentially gain administrative control, leading to unauthorized data access and manipulation. This impacts systems where the `LOG_STYLE` is set to `raw`. The `access_token` in the query could potentially be a long-lived static token. Users with impacted systems should rotate their static tokens if they were provided using query string. This vulnerability has been patched in release version 10.13.2 and subsequent releases as well. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-08T17:54:21.088Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-vw58-ph65-6rxp", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-vw58-ph65-6rxp" } ], "source": { "advisory": "GHSA-vw58-ph65-6rxp", "discovery": "UNKNOWN" }, "title": "Access token from query string is inserted into logs in Directus" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-47822", "datePublished": "2024-10-08T17:54:21.088Z", "dateReserved": "2024-10-03T14:06:12.639Z", "dateUpdated": "2024-10-08T18:21:46.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27296
Vulnerability from cvelistv5
Published
2024-03-01 15:43
Modified
2024-08-08 18:38
Summary
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known vulnerabilities in Directus core or any of its shipped dependencies in that specific running version. The problem has been resolved in versions 10.8.3 and newer.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j | x_refsource_CONFIRM | |
https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:27:59.991Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j" }, { "name": "https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:directus:directus:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "directus", "vendor": "directus", "versions": [ { "lessThan": "10.8.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-27296", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-01T19:28:33.333218Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-08T18:38:46.653Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003c 10.8.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessible without authentication. 
With this information a malicious attacker can trivially look for known vulnerabilities in Directus core or any of its shipped dependencies in that specific running version. The problem has been resolved in versions 10.8.3 and newer." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-01T15:43:33.601Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j" }, { "name": "https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0" } ], "source": { "advisory": "GHSA-5mhg-wv8w-p59j", "discovery": "UNKNOWN" }, "title": "Directus version number disclosure" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-27296", "datePublished": "2024-03-01T15:43:33.601Z", "dateReserved": "2024-02-22T18:08:38.874Z", "dateUpdated": "2024-08-08T18:38:46.653Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27295
Vulnerability from cvelistv5
Published
2024-03-01 15:37
Modified
2024-08-28 16:24
Summary
Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically by having it arrive at an email address similar to the victim's, with one or more characters changed to use accents. This is due to the fact that by default MySQL/MariaDB are configured for accent-insensitive and case-insensitive comparisons. This vulnerability is fixed in version 10.8.3.
References
▼ | URL | Tags |
---|---|---|
https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:28:00.402Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:directus:directus:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "directus", "vendor": "directus", "versions": [ { "lessThan": "10.8.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-27295", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-05T19:45:59.512255Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T16:24:04.094Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "directus", "vendor": "directus", "versions": [ { "status": "affected", "version": "\u003c 10.8.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more characters changed to use accents. This is due to the fact that by default MySQL/MariaDB are configured for accent-insensitive and case-insensitive comparisons. 
This vulnerability is fixed in version 10.8.3.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-706", "description": "CWE-706: Use of Incorrectly-Resolved Name or Reference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-01T15:37:09.617Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5" } ], "source": { "advisory": "GHSA-qw9g-7549-7wg5", "discovery": "UNKNOWN" }, "title": "Directus MySQL accent insensitive email matching" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-27295", "datePublished": "2024-03-01T15:37:09.617Z", "dateReserved": "2024-02-22T18:08:38.874Z", "dateUpdated": "2024-08-28T16:24:04.094Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202201-1669
Vulnerability from variot
In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in the media upload functionality. A low-privileged attacker can inject arbitrary JavaScript code which will be executed in a victim's browser when they open the image URL. Directus contains a cross-site scripting vulnerability; information may be obtained and information may be tampered with. Directus is a real-time API and application dashboard, used to manage SQL database content.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202201-1669", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "directus", "scope": "lte", "trust": 1.0, "vendor": "rangerstudio", "version": "9.4.1" }, { "model": "directus", "scope": "eq", "trust": 1.0, "vendor": "rangerstudio", "version": "9.0.0" }, { "model": "directus", "scope": "gte", "trust": 1.0, "vendor": "rangerstudio", "version": "9.0.1" }, { "model": "directus", "scope": "eq", 
"trust": 0.8, "vendor": "directus", "version": null }, { "model": "directus", "scope": "eq", "trust": 0.8, "vendor": "directus", "version": "9.0.0-alpha.4 to 9.4.1" }, { "model": "\u003e=9.0.0-alpha.4,\u003c=9.4.1", "scope": null, "trust": 0.6, "vendor": "directus", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-08450" }, { "db": "JVNDB", "id": "JVNDB-2022-002940" }, { "db": "NVD", "id": "CVE-2022-22116" } ] }, "cve": "CVE-2022-22116", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "CVE-2022-22116", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "CNVD-2022-08450", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"author": "vulnerabilitylab@mend.io", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.3, "id": "CVE-2022-22116", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "None", "baseScore": 5.4, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2022-002940", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "Low", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-22116", "trust": 1.0, "value": "LOW" }, { "author": "vulnerabilitylab@mend.io", "id": "CVE-2022-22116", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2022-22116", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2022-08450", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202201-673", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2022-22116", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-08450" }, { "db": "VULMON", "id": "CVE-2022-22116" }, { "db": "JVNDB", "id": "JVNDB-2022-002940" }, { "db": "CNNVD", "id": "CNNVD-202201-673" }, { "db": "NVD", "id": "CVE-2022-22116" }, { "db": "NVD", "id": "CVE-2022-22116" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability 
via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victim\u2019s browser when they open the image URL. Directus Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Directus is a real-time API and application dashboard. Used to manage Sql database content", "sources": [ { "db": "NVD", "id": "CVE-2022-22116" }, { "db": "JVNDB", "id": "JVNDB-2022-002940" }, { "db": "CNVD", "id": "CNVD-2022-08450" }, { "db": "VULMON", "id": "CVE-2022-22116" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-22116", "trust": 3.9 }, { "db": "JVNDB", "id": "JVNDB-2022-002940", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-08450", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202201-673", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-22116", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-08450" }, { "db": "VULMON", "id": "CVE-2022-22116" }, { "db": "JVNDB", "id": "JVNDB-2022-002940" }, { "db": "CNNVD", "id": "CNNVD-202201-673" }, { "db": "NVD", "id": "CVE-2022-22116" } ] }, "id": "VAR-202201-1669", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-08450" } ], "trust": 1.6 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": 
"CNVD", "id": "CNVD-2022-08450" } ] }, "last_update_date": "2024-11-23T22:32:57.250000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Add\u00a0Content-Security-Policy\u00a0header\u00a0by\u00a0default\u00a0(#10776)", "trust": 0.8, "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10" }, { "title": "Patch for Directus Cross-Site Scripting Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/317436" }, { "title": "Directus Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177413" }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/AlphabugX/CVE-2022-23305 " }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/AlphabugX/CVE-2022-RCE " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-08450" }, { "db": "VULMON", "id": "CVE-2022-22116" }, { "db": "JVNDB", "id": "JVNDB-2022-002940" }, { "db": "CNNVD", "id": "CNNVD-202201-673" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.0 }, { "problemtype": "Cross-site scripting (CWE-79) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002940" }, { "db": "NVD", "id": "CVE-2022-22116" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10" }, { 
"trust": 1.7, "url": "https://www.whitesourcesoftware.com/vulnerability-database/cve-2022-22116" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22116" }, { "trust": 0.8, "url": "https://www.mend.io/vulnerability-database/cve-2022-22116" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/79.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-08450" }, { "db": "VULMON", "id": "CVE-2022-22116" }, { "db": "JVNDB", "id": "JVNDB-2022-002940" }, { "db": "CNNVD", "id": "CNNVD-202201-673" }, { "db": "NVD", "id": "CVE-2022-22116" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-08450" }, { "db": "VULMON", "id": "CVE-2022-22116" }, { "db": "JVNDB", "id": "JVNDB-2022-002940" }, { "db": "CNNVD", "id": "CNNVD-202201-673" }, { "db": "NVD", "id": "CVE-2022-22116" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-04T00:00:00", "db": "CNVD", "id": "CNVD-2022-08450" }, { "date": "2022-01-10T00:00:00", "db": "VULMON", "id": "CVE-2022-22116" }, { "date": "2023-01-31T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-002940" }, { "date": "2022-01-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-673" }, { "date": "2022-01-10T16:15:10.057000", "db": "NVD", "id": "CVE-2022-22116" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-07T00:00:00", "db": "CNVD", "id": "CNVD-2022-08450" }, { "date": "2022-01-14T00:00:00", "db": "VULMON", "id": "CVE-2022-22116" }, { "date": "2023-01-31T02:18:00", "db": "JVNDB", "id": "JVNDB-2022-002940" }, { "date": "2022-01-17T00:00:00", "db": 
"CNNVD", "id": "CNNVD-202201-673" }, { "date": "2024-11-21T06:46:12.983000", "db": "NVD", "id": "CVE-2022-22116" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-673" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Directus Cross-Site Scripting Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2022-08450" }, { "db": "CNNVD", "id": "CNNVD-202201-673" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-673" } ], "trust": 0.6 } }