Information Disclosure
Directus is vulnerable to information disclosure. The vulnerability is due to different error messages returned by the /items/collection API when accessing unauthorized existing collections versus non-existent collections, which allows an attacker to enumerate and discover the existence of...