GHSA-JR94-GJ3H-C8RF Directus Vulnerable to User Enumeration via Password Reset Timing Attack
Summary A timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reseturl parameter is provided, the response time differs by approximately 500ms between existing and non-existing users, enabling reliable user enumeration. Details The password rese...