Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2021-26593
HistoryFeb 23, 2021 - 7:15 p.m.

CVE-2021-26593

2021-02-2319:15:13
Google
osv.dev
2

6.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.0%

JSON

In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret can be regenerated. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Related

cve 1
prion 1
cvelist 1
nvd 1
cve
cve
CVE-2021-26593
2021-02-23 19:15:13
prion
prion
Design/Logic Flaw
2021-02-23 19:15:00
cvelist
cvelist
CVE-2021-26593
2021-02-23 18:57:26
nvd
nvd
CVE-2021-26593
2021-02-23 19:15:13

6.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.0%

JSON
Related for OSV:CVE-2021-26593
cve1prion1cvelist1nvd1