4 matches found
CVE-2024-45596
Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. This happens because on that endpoint for both OpenId...
@directus/api (>=18.0.0 <=21.0.1) potentially affected by CVE-2024-45596 via directus (>=10.10.0 <=10.13.2)
directus NPM version =10.10.0, =18.0.0, =21.0.1 Source cves: CVE-2024-45596 Source advisory: OSV:GHSA-CFF8-X7JV-4FM8...
@deconz-community/directus-extension-ddf-store (=0.1.0), @directus/api (=21.0.1) +3 more potentially affected by CVE-2024-45596 via @directus/api (>=10.0.0 <=21.0.0)
@directus/api NPM version =10.0.0, =10.0.0, =1.0.0, =2.0.0 Source cves: CVE-2024-45596 Source advisory: OSV:GHSA-CFF8-X7JV-4FM8...
CVE-2024-45596 Directus's session is cached for OpenID and OAuth2 if `redirect` is not used
Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. This happens because on that endpoint for both OpenId...