836 matches found
Password Reset Bypass
Directus is vulnerable to Password Reset Bypass. The vulnerability is due to the password reset mechanism implementation combined with default database configurations in MySQL and MariaDB. This allows attackers in possession of a known email address to redirect a password reset email intended for...
Sensitive Information Disclosure
Directus is vulnerable to an Sensitive Information Disclosure. The vulnerability is due to insecure handling of version information, as the exact version number is included in compiled JS bundles that are accessible without authentication. This exposes potential information that a malicious...
GHSA-5MHG-WV8W-P59J Directus version number disclosure
Impact Currently the exact Directus version number is being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known vulnerabilities in Directus core or any of its shipped dependencies in that specific...
Directus version number disclosure
Impact Currently the exact Directus version number is being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known vulnerabilities in Directus core or any of its shipped dependencies in that specific...
GHSA-QW9G-7549-7WG5 Directus has MySQL accent insensitive email matching
Password reset vulnerable to accent confusion The password reset mechanism of the Directus backend is implemented in a way where combined with specific, need to double check if i can work around configuration in MySQL or MariaDB. As such, it allows attackers to receive a password reset email of a...
Directus has MySQL accent insensitive email matching
Password reset vulnerable to accent confusion The password reset mechanism of the Directus backend is implemented in a way where combined with specific, need to double check if i can work around configuration in MySQL or MariaDB. As such, it allows attackers to receive a password reset email of a...
CVE-2024-27296
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known...
CVE-2024-27295
Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more...
Design/Logic Flaw
Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more...
Authentication flaw
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known...
CVE-2024-27296 Directus version number disclosure
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known...
CVE-2024-27296 Directus version number disclosure
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known...
CVE-2024-27296 Directus version number disclosure
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known...
CVE-2024-27296
CVE-2024-27296 affects Directus: prior to 10.8.3, the exact Directus version is shipped in compiled JS bundles accessible without authentication, enabling attackers to map to known vulnerabilities in Directus core or dependencies. The issue has been fixed in 10.8.3 and later. Remediation is upgra...
CVE-2024-27295 Directus MySQL accent insensitive email matching
Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more...
CVE-2024-27295 Directus MySQL accent insensitive email matching
Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more...
CVE-2024-27295 Directus MySQL accent insensitive email matching
Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more...
CVE-2024-27295
Directus vulnerability CVE-2024-27295: the password reset flow can be abused due to accent-insensitive and case-insensitive comparisons in MySQL/MariaDB, enabling an attacker to request a reset for a victim’s account by using a near-identical email address (with accented characters). The issue af...
Directus Security Vulnerabilities
Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A security vulnerability exists in Directus versions prior to 10.8.3, which stems from a vulnerability that allows an attacker to receive password reset emails from victimized users...
Directus Security Vulnerabilities
Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A security vulnerability exists in Directus versions prior to 10.8.3 that stems from the Directus version number being provided in the compiled JS bundle, allowing an unauthenticated attacker to obta...