CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27296 – Directus version number disclosure
https://notcve.org/view.php?id=CVE-2024-27296
01 Mar 2024 — Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known vulnerabilities in Directus core or any of its shipped dependencies in that specific running version. The problem has been resolved in versions 10.8.3 and newer. • https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27295 – Directus MySQL accent insensitive email matching
https://notcve.org/view.php?id=CVE-2024-27295
01 Mar 2024 — Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more characters changed to use accents. This is due to the fact that by default MySQL/MariaDB are configured for accent-insensitive and case-insensitive comparisons. This vulnerability is fixed in version 10.8.3. • https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5 • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-28443 – directus vulnerable to Insertion of Sensitive Information into Log File
https://notcve.org/view.php?id=CVE-2023-28443
23 Mar 2023 — Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3. • https://github.com/directus/directus/blob/7c479c5161639aac466c763b6b958a9524201d74/api/src/logger.ts#L13 • CWE-284: Improper Access Control CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27481 – Extract password hashes through export querying in directus
https://notcve.org/view.php?id=CVE-2023-27481
07 Mar 2023 — Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0 users with read access to the `password` field in `directus_users` can extract the argon2 password hashes by brute forcing the export functionality combined with a `_starts_with` filter. This allows the user to enumerate the password hashes. Accounts cannot be taken over unless the hashes can be reversed which is unlikely with current hardware. This problem has been patched by preventing any hashed/c... • https://github.com/directus/directus/pull/14829 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27474 – HTML Injection in Password Reset email to custom Reset URL in directus
https://notcve.org/view.php?id=CVE-2023-27474
06 Mar 2023 — Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users urls to the servers domain but which may contain malicious code. The problem has been resolved and released under version 9.23.0. People relying on a custom password reset URL should upgrade to 9.23.0 or later, or remove the custom reset url... • https://github.com/directus/directus/issues/17119 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26492 – Directus vulnerable to Server-Side Request Forgery On File Import
https://notcve.org/view.php?id=CVE-2023-26492
03 Mar 2023 — Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the security controls by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan. An attacker can exploit this vulnerability to access highly sensitive internal server(s) and steal sensitive information. This issue was f... • https://github.com/directus/directus/commit/ff53d3e69a602d05342e15d9bb616884833ddbff • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26969
https://notcve.org/view.php?id=CVE-2022-26969
26 Dec 2022 — In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true. En Directus anterior a 9.7.0, la configuración predeterminada de CORS_ORIGIN y CORS_ENABLED es verdadera. • https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36031 – Unhandled exception on illegal filename_disk value
https://notcve.org/view.php?id=CVE-2022-36031
19 Aug 2022 — Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade. Users unable to upgrade may prevent this problem by making sure no (untrusted) non-admin users have permissions to update the `filename_disk` field on `directus... • https://github.com/directus/directus/security/advisories/GHSA-77qm-wvqq-fg79 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24814 – Cross-site Scripting in Directus
https://notcve.org/view.php?id=CVE-2022-24814
04 Apr 2022 — Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy header, which in turn allows the file to run any arbitrary JS. This issue was resolved in version 9.7.0. As a workaround, disable the live embed in the what-yo... • https://github.com/directus/directus/pull/12020 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 12%CPEs: 1EXPL: 5CVE-2021-29641 – Monospace Directus Headless CMS File Upload / Rule Bypass
https://notcve.org/view.php?id=CVE-2021-29641
07 Apr 2021 — Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain installations with the Apache HTTP Server and the local-storage driver (e.g., when the product was obtained from hub.docker.com). Directus 8 versiones anteriores a 8.8.2, permite a los usuarios autenticados remotamente e... • https://packetstorm.news/files/id/162118 • CWE-434: Unrestricted Upload of File with Dangerous Type •