Lucene search
+L

4 matches found

vulnersOsv
vulnersOsv
added 2025/01/23 10:35 p.m.9 views

@altipla/directus-sdk-utils (=0.7.2), @depup/directus (>=11.16.1-depup.0 <=11.17.2-depup.0) +8 more potentially affected by CVE-2025-24353 via directus (>=10.10.0 <=11.1.2)

directus NPM version =10.10.0, =11.16.1-depup.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 - lease-directus-template =0.0.0 Source cves: CVE-2025-24353 Source advisory: OSV:GHSA-PMF4-V838-29HG...

5CVSS5.8AI score0.00372EPSS
Exploits1
NVD
NVD
added 2025/01/23 6:15 p.m.23 views

CVE-2025-24353

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. It allows the user to use a higher-privileged role to see fields that otherwise the user should not be able to see. Instanc...

5CVSS0.00372EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/01/23 5:45 p.m.6 views

CVE-2025-24353 Directus privilege escalation vulnerability using Share feature

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. It allows the user to use a higher-privileged role to see fields that otherwise the user should not be able to see. Instanc...

5CVSS5.4AI score0.00372EPSS
Exploits1References5
CVE
CVE
added 2025/01/23 5:45 p.m.110 views

CVE-2025-24353

Directus prior to version 11.2.0 is vulnerable to privilege escalation via the share feature. A user can specify an arbitrary role when sharing an item, enabling access to fields that should be restricted for their role. Affected instances are those using the share feature with a role hierarchy a...

5CVSS5.4AI score0.00372EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder