Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 3:38 a.m.8 views

CVE-2024-45596

Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. This happens because on that endpoint for both OpenId...

7.4CVSS7.5AI score0.00618EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2024/09/10 7:43 p.m.46 views

@directus/api (>=18.0.0 <=21.0.1) potentially affected by CVE-2024-45596 via directus (>=10.10.0 <=10.13.2)

directus NPM version =10.10.0, =18.0.0, =21.0.1 Source cves: CVE-2024-45596 Source advisory: OSV:GHSA-CFF8-X7JV-4FM8...

7.4CVSS5.8AI score0.00618EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/09/10 7:43 p.m.8 views

@deconz-community/directus-extension-ddf-store (=0.1.0), @directus/api (=21.0.1) +3 more potentially affected by CVE-2024-45596 via @directus/api (>=10.0.0 <=21.0.0)

@directus/api NPM version =10.0.0, =10.0.0, =1.0.0, =2.0.0 Source cves: CVE-2024-45596 Source advisory: OSV:GHSA-CFF8-X7JV-4FM8...

7.4CVSS5.8AI score0.00618EPSS
Exploits1
Cvelist
Cvelist
added 2024/09/10 6:43 p.m.33 views

CVE-2024-45596 Directus's session is cached for OpenID and OAuth2 if `redirect` is not used

Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include redirect query string. This happens because on that endpoint for both OpenId...

7.4CVSS0.00618EPSS
Exploits1References3
Rows per page
Query Builder