5 matches found
CVE-2024-54151
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting WEBSOCKETSGRAPHQLAUTH or WEBSOCKETSRESTAUTH to "public", an unauthenticated user is able to do any of the supported operations CRUD, subscriptions...
CVE-2024-54151
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting WEBSOCKETSGRAPHQLAUTH or WEBSOCKETSRESTAUTH to "public", an unauthenticated user is able to do any of the supported operations CRUD, subscriptions...
CVE-2024-54151
Directus vulnerability CVE-2024-54151 affects Directus real-time API/admin dashboard. From version 11.0.0 up to, but not including, 11.3.0, configuring WEBSOCKETS_GRAPHQL_AUTH or WEBSOCKETS_REST_AUTH to "public" allows unauthenticated users to perform any supported operations (CRUD, subscriptions...
CVE-2024-54151 Directus allows unauthenticated access to WebSocket events and operations
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting WEBSOCKETSGRAPHQLAUTH or WEBSOCKETSRESTAUTH to "public", an unauthenticated user is able to do any of the supported operations CRUD, subscriptions...
CVE-2024-54151 Directus allows unauthenticated access to WebSocket events and operations
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting WEBSOCKETSGRAPHQLAUTH or WEBSOCKETSRESTAUTH to "public", an unauthenticated user is able to do any of the supported operations CRUD, subscriptions...