2 matches found
CVE-2021-27583
In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2021-27583
Directus 8.x–8.8.1 is affected by a vulnerability where the password reset feature can be leveraged to determine if a given user exists in the database. The issue is confirmed across multiple sources (NVD/Red Hat/OSV/etc.) and is constrained to products no longer supported by the maintainer. The ...