4 matches found

Packet Storm
added 2021/04/07 12:0 a.m., 804 views

Monospace Directus Headless CMS File Upload / Rule Bypass

SEC Consult Vulnerability Lab Security Advisory
=======================================================================
title: Arbitrary File Upload and Bypassing .htaccess Rules
product: Monospace Directus Headless CMS
vulnerable version: v8.8.2
fixed version: v8.8.2, v9 is not affected because ...

0.3 AI score, 0.06595 EPSS
Exploits: 3
OSV
added 2021/02/23 7:15 p.m., 7 views

CVE-2021-26593

In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/id. For each call, they get in response a lot of information about the user such as email address, first name, and last name but also the secret for 2FA if one exists. This secret can be regenerated. NOTE...

7.5 CVSS, 6.6 AI score
Exploits: 0, References: 1
NVD
added 2021/02/23 7:15 p.m., 16 views

CVE-2021-26595

In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by viewing the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products th...

5.3 CVSS, 0.00108 EPSS
Exploits: 1, References: 1
Cvelist
added 2021/02/23 6:57 p.m., 13 views

CVE-2021-26593

In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/id. For each call, they get in response a lot of information about the user such as email address, first name, and last name but also the secret for 2FA if one exists. This secret can be regenerated. NOTE...

7.6 AI score, 0.00316 EPSS
Exploits: 1, References: 1